You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using ListObjects with specific models. The affected models contain expressions of type rel1 from type1. This issue has been patched in version 1.3.1.
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/openfga/openfga
vulnerable_at: 1.3.1
packages:
- package: openfga
description: |-
OpenFGA is an authorization/permission engine built for developers and inspired
by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable
to authorization bypass when calling the ListObjects API. The vulnerability
affects customers using `ListObjects` with specific models. The affected models
contain expressions of type `rel1 from type1`. This issue has been patched in
version 1.3.1.
cves:
- CVE-2023-40579
references:
- advisory: https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp
- web: https://github.com/openfga/openfga/releases/tag/v1.3.1
The text was updated successfully, but these errors were encountered:
CVE-2023-40579 references github.com/openfga/openfga, which may be a Go module.
Description:
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using
ListObjects
with specific models. The affected models contain expressions of typerel1 from type1
. This issue has been patched in version 1.3.1.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: