2 matches found
GHSA-3GFJ-FXX4-F22W OpenFGA Authorization Bypass
Overview During our internal security assessment, it was discovered that OpenFGA versions v0.2.4 and prior are vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.4 or prior, and have tupl...
GHSA-95X7-MH78-7W2R OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Overview During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version...