You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. a but not b) or intersection (e.g. a and b). This vulnerability is fixed in v1.5.3.
CVE-2024-31452 references github.com/openfga/openfga, which may be a Go module.
Description:
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g.
a but not b
) or intersection (e.g.a and b
). This vulnerability is fixed in v1.5.3.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: