5 matches found
Improper Preservation Of Permissions
github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NOPERMISSION response when the user should have permission...
CVE-2024-38361
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-38361
SpiceDB (spicedb) vulnerability CVE-2024-38361 affects the permission-check flow: an exclusion under an arrow with multiple resources may cause a NO_PERMISSION response when PERMISSION is expected on CheckPermission, due to a failure in the exclusion dispatcher to query all folders a user can acc...
CVE-2024-38361 Permissions processing error in spacedb
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-38361 Permissions processing error in spacedb
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...