Lucene search
K
OpenfgaHelm Charts

10 matches found

CVE
CVE
added 2025/02/19 8:18 p.m.2664 views

CVE-2025-25196

CVE-2025-25196 concerns OpenFGA (< v1.8.4; Helm chart < openfga-0.2.22; docker

9.8CVSS6.4AI score0.00401EPSS
CVE
CVE
added 2025/01/13 9:33 p.m.1097 views

CVE-2024-56323

OpenFGA Open Authorization Engine (versions v1.3.8–v1.8.2; Helm openfga-0.1.38–0.2.19; docker 1.3.8–1.8.2) contains a critical authorization bypass vulnerability (CVE-2024-56323). Root cause: when a model uses conditions and contextual tuples are provided in Check or ListObjects calls, and OPENFG...

9.8CVSS6.6AI score0.00428EPSS
CVE
CVE
added 2025/05/22 10:20 p.m.233 views

CVE-2025-48371

OpenFGA Open Authorization bypass (CVE-2025-48371) affects versions 1.8.0–1.8.12 of OpenFGA (and corresponding Helm/dockers) where certain Check and ListObjects calls can bypass access controls under specific conditions involving relationships that can be publicly assigned and usersets, contextua...

8.8CVSS6.6AI score0.00408EPSS
CVE
CVE
added 2025/04/30 6:27 p.m.210 views

CVE-2025-46331

OpenFGA vulnerability CVE-2025-46331 affects OpenFGA v1.8.10 through v1.3.6 (Helm chart <= openfga-0.2.28, docker

9.8CVSS6.6AI score0.00327EPSS
CVE
CVE
added 2026/02/06 5:51 p.m.31 views

CVE-2026-24851

CVE-2026-24851 technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS5.4AI score0.00308EPSS
CVE
CVE
added 2025/08/18 7:23 p.m.27 views

CVE-2025-55213

OpenFGA is affected by an Authorization Bypass vulnerability in which improper policy enforcement occurs during certain Check and ListObject calls. Affected versions are OpenFGA v1.9.3 to v1.9.4 (including openfga-0.2.40 to 0.2.41 and docker/v1.9.4). The issue is fixed in v1.9.5. Impact is descri...

9.8CVSS7AI score0.00295EPSS
CVE
CVE
added 2025/11/21 1:24 a.m.23 views

CVE-2025-64751

CVE-2025-64751 affects OpenFGA v1.4.0–v1.11.0 (openfga-0.1.34–0.2.48 Helm; v1.4.0–v1.11.0 Docker). It is due to improper policy enforcement when certain Check and ListObject calls are executed, with patches available in v1.11.1. Impact is described as high in CVSS metrics (base score 8.8; confide...

8.8CVSS6.5AI score0.00256EPSS
CVE
CVE
added 2026/06/10 3:9 p.m.22 views

CVE-2026-48096

OpenFGA: The CVE affects the OpenFGA authorization engine prior to v1.16.0 due to an issue with iterator caching where two distinct check requests could produce the same cache key, causing reuse of an earlier cached result. The root cause is described as a cache-key issue in the shared-iterator a...

5.3CVSS5.4AI score0.00101EPSS
CVE
CVE
added 2026/04/06 8:41 p.m.19 views

CVE-2026-34972

OpenFGA vulnerability CVE-2026-34972 affects OpenFGA versions 1.8.0 through 1.13.1. The issue arises when BatchCheck is invoked with multiple checks for the same object, relation, and user, leading to improper policy enforcement. It is resolved in version 1.14.0. CVSS metrics indicate high impact...

8.8CVSS5.9AI score0.00211EPSS
CVE
CVE
added 2026/04/21 11:38 p.m.16 views

CVE-2026-41131

CVE-2026-41131 affects OpenFGA prior to version 1.14.1. In scenarios where models use conditions with caching enabled, two distinct check requests can yield the same cache key, causing an earlier cached result to be reused for a later request. Preconditions: the model has relations that rely on c...

5CVSS5.8AI score0.00145EPSS