Lucene search

Veracode Vulnerability DatabaseVERACODE:47679

HistoryJun 21, 2024 - 5:36 a.m.

Improper Preservation Of Permissions

2024-06-2105:36:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

authzed

spicedb

vulnerability

exclusion dispatcher

failure

preservation

permissions

incorrect response

software

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

github.com/authzed/spicedb is vulnerable to Improper Preservation Of Permissions. The vulnerability is due to a failure in the exclusion dispatcher to request all the folders in which the user is a member, leading to an incorrect NO_PERMISSION response when the user should have permission.

CPENameOperatorVersion
github.com/authzed/spicedblev1.33.0
github.com/authzed/spicedblev1.33.0

CPE	Name	Operator	Version
	github.com/authzed/spicedb	le	v1.33.0
	github.com/authzed/spicedb	le	v1.33.0

References

github.com/advisories/GHSA-grjv-gjgr-66g2

github.com/authzed/spicedb/commit/ecef31d2b266fde17eb2c3415e2ec4ceff96fbeb

github.com/authzed/spicedb/security/advisories/GHSA-grjv-gjgr-66g2

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47679