CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

OSV•added 2024/08/21 4:3 p.m.•9 views

GO-2022-1080 OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga

OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga...

9.8CVSS9.4AI score0.00352EPSS

Exploits0References4

OSV•added 2024/08/21 4:3 p.m.•14 views

GO-2022-1081 OpenFGA Authorization Bypass in github.com/openfga/openfga

OpenFGA Authorization Bypass in github.com/openfga/openfga...

9.8CVSS9.4AI score0.00352EPSS

Exploits0References4

Veracode•added 2024/08/12 6:33 a.m.•8 views

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of authorization logic with 'but not' and 'from' expressions and a userset, allowing an attacker to bypass authorization checks and gain unauthorized access to resources...

9.8CVSS6.8AI score0.00067EPSS

Exploits0References3Affected Software1

OSV•added 2024/06/04 3:19 p.m.•9 views

GO-2024-2729 OpenFGA Authorization Bypass in github.com/openfga/openfga

OpenFGA Authorization Bypass in github.com/openfga/openfga...

9.8CVSS8AI score0.00113EPSS

Exploits0References3

Veracode•added 2022/12/21 6:47 a.m.•16 views

Authorization Bypass

github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability exists in the readUserTuple function in checkutils.go due to the lack of validation in authorization mechanism which allows an attacker to bypass the authorization mechanism under certain conditions...

9.8CVSS8.9AI score0.0042EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by