6 matches found
CVE-2022-39341
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
GHSA-F4MM-2R69-MG5F OpenFGA Authorization Bypass
Overview: During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 or prior, and your mode...
CVE-2022-39341
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
CVE-2022-39341 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
PT-2022-24912 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.4. Description: OpenFGA is an authorization/permission engine. The issue concerns authorization bypass under certain conditions, specifically when a relation is defined as a tupleset involving anything other than ...
PT-2022-24911 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.4. Description: OpenFGA is an authorization/permission engine. The issue allows for authorization bypass under certain conditions, specifically when users have a wildcard defined on tupleset relations in their...