github.com/openfga/openfga is vulnerable to authorization bypass. The vulnerability exists when a tuple’s user field is set to a userset and the tuple’s relation is used on the right-hand side of a "from" statement, which allows an attacker to bypass the authorization mechanism under certain conditions.
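To check whether a store contains the tuple pattern described above, the following added example (not code from OpenFGA or from this advisory) lists tuples whose user is a userset and whose relation appears as the tupleset of a "from" rewrite. It assumes the authorization model is available in OpenFGA's JSON form with `tupleToUserset`/`tupleset` keys; the model, tuples and function names are constructed for illustration.

```python
# MODEL and TUPLES are constructed sample data in the assumed OpenFGA JSON model shape.
MODEL = {"type_definitions": [
    {"type": "folder", "relations": {"owner": {"this": {}}}},
    {"type": "document", "relations": {
        "parent": {"this": {}},
        "viewer": {"union": {"child": [
            {"this": {}},
            # DSL equivalent: "viewer from parent"
            {"tupleToUserset": {"tupleset": {"relation": "parent"},
                                "computedUserset": {"relation": "viewer"}}},
        ]}},
    }},
]}

TUPLES = [  # (user, relation, object)
    ("folder:budgets", "parent", "document:q3"),     # plain object as user
    ("folder:test#owner", "parent", "document:q3"),  # userset on a tupleset relation
    ("folder:test#owner", "viewer", "document:q3"),  # userset, ordinary relation
    ("user:anne", "owner", "folder:test"),
]


def tupleset_relations(model):
    """Map each type to the relations used on the right-hand side of 'from'."""
    found = {}
    def walk(type_name, node):
        if isinstance(node, dict):
            ttu = node.get("tupleToUserset")
            if isinstance(ttu, dict):
                found.setdefault(type_name, set()).add(ttu["tupleset"]["relation"])
            for child in node.values():
                walk(type_name, child)
        elif isinstance(node, list):
            for child in node:
                walk(type_name, child)
    for td in model["type_definitions"]:
        walk(td["type"], td.get("relations", {}))
    return found


def risky_tuples(model, tuples):
    """Tuples whose user is a userset and whose relation is a tupleset relation."""
    ts = tupleset_relations(model)
    return [(u, r, o) for u, r, o in tuples
            if "#" in u and r in ts.get(o.split(":", 1)[0], set())]


if __name__ == "__main__":
    print(risky_tuples(MODEL, TUPLES))
```

Any tuple it returns is a candidate for review and removal on affected versions; an empty result means the store does not contain the pattern for the supplied model.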
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/openfga/openfga | le | v0.2.4 |