
4 matches found

Github Security Blog
added 2022/10/25 8:21 p.m., 28 views

OpenFGA Authorization Bypass via tupleset wildcard

Overview During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 and you added a tuple...

9.8 CVSS, 9 AI score, 0.00352 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2022/10/25 8:21 p.m., 19 views

GHSA-F4MM-2R69-MG5F OpenFGA Authorization Bypass

Overview During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 or prior, and your mode...

5.9 CVSS, 7.5 AI score, 0.00352 EPSS
Exploits 0, References 5
OSV
added 2022/10/25 8:13 p.m., 17 views

GHSA-95X7-MH78-7W2R OpenFGA subject to Information Disclosure via streamed-list-objects endpoint

Overview During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version...

5.3 CVSS, 5.2 AI score, 0.00263 EPSS
Exploits 0, References 5
Github Security Blog
added 2022/10/25 8:13 p.m., 19 views

OpenFGA subject to Information Disclosure via streamed-list-objects endpoint

Overview During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version...

5.3 CVSS, 5.3 AI score, 0.00263 EPSS
Exploits 0, References 5, Affected Software 1