19 matches found
CVE-2022-39342
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship...
CVE-2022-39341
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
CVE-2022-39352
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...
GO-2022-1080 OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga
OpenFGA Authorization Bypass via tupleset wildcard in github.com/openfga/openfga...
Authorization
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...
PT-2022-24921 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.5. Description: OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. The issue allows for authorization bypass under certain conditions, specifically when a tuple with a...
CVE-2022-39352 OpenFGA Authorization Bypass
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...
CVE-2022-39352 OpenFGA Authorization Bypass
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...
Authorization Bypass
github.com/openfga/openfga is vulnerable to authorization bypass. Users whose model has a relation defined as a tupleset (the right hand side of a from statement) that involves anything other than a direct relationship are vulnerable to authorization bypass under certain conditions...
GHSA-VJ4M-83M8-XPW5 OpenFGA Authorization Bypass via tupleset wildcard
Overview: During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 and you added a tuple...
OpenFGA Authorization Bypass via tupleset wildcard
Overview: During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 and you added a tuple...
GHSA-F4MM-2R69-MG5F OpenFGA Authorization Bypass
Overview: During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 or prior, and your mode...
CVE-2022-39341
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
Authorization
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
CVE-2022-39341 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
PT-2022-24912 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.4. Description: OpenFGA is an authorization/permission engine. The issue concerns authorization bypass under certain conditions, specifically when a relation is defined as a tupleset involving anything other than ...
CVE-2022-39342 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other than a direct relationship...
PT-2022-24911 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.4. Description: OpenFGA is an authorization/permission engine. The issue allows for authorization bypass under certain conditions, specifically when users have a wildcard defined on tupleset relations in their...
CVE-2022-39341 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...