CVE-2022-39352
- EPSS 0.42%
- Published 08.11.2022 08:15:09
- Last modified 21.11.2024 07:18:05
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wil...
CVE-2022-39340
- EPSS 0.67%
- Published 25.10.2022 17:15:56
- Last modified 21.11.2024 07:18:04
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users of `openfga/openfga` versions 0.2.3 and prior...
CVE-2022-39342
- EPSS 0.86%
- Published 25.10.2022 17:15:56
- Last modified 21.11.2024 07:18:04
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that in...
CVE-2022-39341
- EPSS 0.86%
- Published 25.10.2022 17:15:56
- Last modified 21.11.2024 07:18:04
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. V...