8 matches found
CVE-2026-34972
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. From 1.8.0 to 1.13.1, under specific conditions, BatchCheck calls with multiple checks sent for the same object, relation, and user combination can result in improper...
Improper Authorization
github.com/authzed/spicedb is vulnerable to Improper Authorization. The vulnerability is due to incorrect handling of permission unions referencing the same relation in the LookupResources API, which allows an attacker to bypass expected permission checks by causing incomplete or missing...
SUSE CVE-2025-65111
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
CVE-2025-65111
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
CVE-2025-65111
CVE-2025-65111 affects SpiceDB prior to version 1.47.1. Affected behavior: when a schema defines a permission as a union and the union references the same relation on both sides (but one side points to a different permission), the LookupResources API may return incomplete results. Other APIs calc...
CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
PT-2025-47815
Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.47.1 Description SpiceDB is a database system used for managing security-critical application permissions. Versions of SpiceDB prior to 1.47.1 may exhibit incomplete LookupResources results when checking permissions...