3 matches found
CVE-2022-39341
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...
PT-2022-24921 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.5 Description: OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. The issue allows for authorization bypass under certain conditions, specifically when a tuple with a...
CVE-2022-39341 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue...