High severity · NVD Advisory · Published Apr 16, 2024 · Updated Aug 2, 2024
OpenFGA Authorization Bypass
CVE-2024-31452
Description
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. a but not b) or intersection (e.g. a and b). This vulnerability is fixed in v1.5.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/openfga/openfga (Go) | >= 1.5.0, < 1.5.3 | 1.5.3 |
References
- https://github.com/advisories/GHSA-8cph-m685-6v6r (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2024-31452 (NVD advisory)
- https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2 (fix commit)
- https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r (vendor advisory)