Lucene search
Veracode Vulnerability DatabaseVERACODE:37687HistoryOct 26, 2022 - 4:34 a.m.
Information Disclosure
2022-10-2604:34:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
vulnerability
information disclosure
improper validation
authorization header
sensitive information
openfga
0.001 Low
EPSS
Percentile
31.0%
github.com/openfga/openfga is vulnerable to information disclosure. The vulnerability is due to improper validation for the streamed-list-objects endpoint in the authorization header, allowing an attacker to gain sensitive information through the objects in the store.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/openfga/openfga | le | v0.2.3 | |
| github.com/openfga/openfga | le | v0.2.3 |
Related
prion
prion
Authorization
2022-10-25 17:15:00
osv
osv
CVE-2022-39340
2022-10-25 17:15:56
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
2022-10-25 20:13:38
github
github
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
2022-10-25 20:13:38
nvd
nvd
CVE-2022-39340
2022-10-25 17:15:56
cve
cve
CVE-2022-39340
2022-10-25 17:15:56
cvelist
cvelist
CVE-2022-39340 OpenFGA Information Disclosure
2022-10-25 00:00:00