GHSA-JH6H-V6MP-H22V milvus: RBAC grantee-id uses truncated MD5 (64-bit), enabling privilege-binding collisions and cross-role privilege forgery
A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...