Lucene search

Veracode Vulnerability DatabaseVERACODE:46410

HistoryApr 15, 2024 - 8:30 a.m.

Improper Handling Of Exceptional Conditions

2024-04-1508:30:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

improper handling of exceptional conditions

vulnerability

access control

2.2 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

github.com/authzed/spicedb is vulnerable Improper Handling Of Exceptional Conditions. The vulnerability causes incorrect results when using a specific schema involving the same subject type multiple times in a relation. This issue leads to incorrect access control decisions when relying on LookupSubjects for negative authorization.

CPENameOperatorVersion
github.com/authzed/spicedblev1.30.0
github.com/authzed/spicedblev1.30.0

CPE	Name	Operator	Version
	github.com/authzed/spicedb	le	v1.30.0
	github.com/authzed/spicedb	le	v1.30.0

References

github.com/authzed/spicedb/commit/a244ed1edfaf2382711dccdb699971ec97190c7b

github.com/authzed/spicedb/releases/tag/v1.30.1

github.com/authzed/spicedb/security/advisories/GHSA-j85q-46hg-36p2

2.2 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:46410