-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-23542 #1179
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
timothy-king
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Dec 20, 2022
Change https://go.dev/cl/459035 mentions this issue: |
This was referenced Aug 25, 2023
Closed
Change https://go.dev/cl/592835 mentions this issue: |
This was referenced Aug 9, 2024
Closed
Change https://go.dev/cl/607232 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-1160.yaml - data/reports/GO-2022-1161.yaml - data/reports/GO-2022-1164.yaml - data/reports/GO-2022-1171.yaml - data/reports/GO-2022-1179.yaml - data/reports/GO-2022-1181.yaml - data/reports/GO-2022-1189.yaml - data/reports/GO-2022-1190.yaml - data/reports/GO-2022-1191.yaml - data/reports/GO-2022-1192.yaml - data/reports/GO-2022-1200.yaml - data/reports/GO-2022-1204.yaml - data/reports/GO-2022-1205.yaml - data/reports/GO-2022-1206.yaml - data/reports/GO-2022-1208.yaml - data/reports/GO-2022-1212.yaml - data/reports/GO-2022-1215.yaml - data/reports/GO-2022-1216.yaml - data/reports/GO-2022-1217.yaml - data/reports/GO-2022-1218.yaml Updates #1160 Updates #1161 Updates #1164 Updates #1171 Updates #1179 Updates #1181 Updates #1189 Updates #1190 Updates #1191 Updates #1192 Updates #1200 Updates #1204 Updates #1205 Updates #1206 Updates #1208 Updates #1212 Updates #1215 Updates #1216 Updates #1217 Updates #1218 Change-Id: I342a98eb3c967b16853089cb8f66a898af13b544 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607232 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com>
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2022-23542 references github.com/openfga/openfga, which may be a Go module.
Description:
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.
References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: