Lucene search
Veracode Vulnerability DatabaseVERACODE:37978HistoryNov 11, 2022 - 2:30 a.m.
Authorization Bypass
2022-11-1102:30:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
github
openfga
authorization
bypass
vulnerability
tuples
user field
relation
from statement
attacker
mechanism
software
0.002 Low
EPSS
Percentile
57.5%
github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability exists when the tuples user field is set to userset and the tuple’s relation is used on the right-hand side of the from statement which allows an attacker to bypass the authorization mechanism under certain conditions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/openfga/openfga | le | v0.2.4 | |
| github.com/openfga/openfga | le | v0.2.4 |
Related
osv
osv
OpenFGA Authorization Bypass
2022-11-08 22:31:25
CVE-2022-39352
2022-11-08 08:15:09
nvd
nvd
CVE-2022-39352
2022-11-08 08:15:09
cvelist
cvelist
CVE-2022-39352 OpenFGA Authorization Bypass
2022-11-08 00:00:00
cve
cve
CVE-2022-39352
2022-11-08 08:15:09
github
github
OpenFGA Authorization Bypass
2022-11-08 22:31:25
prion
prion
Authorization
2022-11-08 08:15:00