VYPR
Moderate severityNVD Advisory· Published Oct 25, 2022· Updated Apr 23, 2025

OpenFGA Authorization Bypass

CVE-2022-39341

Description

OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (*) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/openfga/openfgaGo
< 0.2.40.2.4

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.