Описание
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.2.5 (исключая)
cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00261
Низкий
4.8 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
EPSS
Процентиль: 49%
0.00261
Низкий
4.8 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-863
CWE-863