CVE-2022-23542

Опубликовано: 20 дек. 2022

Источник: nvd

CVSS3: 7.7

CVSS3: 9.8

EPSS Низкий

Описание

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.

Ссылки

https://github.com/openfga/openfga/pull/422
Patch
Third Party Advisory
https://github.com/openfga/openfga/releases/tag/v0.3.1
Release Notes
Third Party Advisory
https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m
Third Party Advisory
https://github.com/openfga/openfga/pull/422
Patch
Third Party Advisory
https://github.com/openfga/openfga/releases/tag/v0.3.1
Release Notes
Third Party Advisory
https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*

Версия до 0.3.1 (исключая)

EPSS

Процентиль: 61%

0.0042

Низкий

7.7 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-285

Связанные уязвимости

GHSA-m3q4-7qmj-657m

github

около 3 лет назад

OpenFGA Authorization Bypass

EPSS

Процентиль: 61%

0.0042

Низкий

7.7 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-285