3 matches found
A vulnerability in the SpiceDB database, related to deficiencies in the error reporting mechanism, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the SpiceDB database is related to deficiencies in the mechanism for generating error reports when processing the /debug/pprof/cmdline command with the --grpc-preshared-key parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
Information Disclosure
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability exists in the MetricsHandler function in defaults.go because it exposes the --grpc-preshared-key flag in the spicedb serve command, which allows an attacker to gain access to the secret key and perform unauthoriz...
CVE-2023-29193 SpiceDB binding metrics port to untrusted networks and can leak command-line flags
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...