VYPR

Openfga

by Openfga

Source repositories

CVEs (26)

  • CVE-2023-35933Jun 26, 2023
    risk 0.00cvss epss 0.01

    OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are…

  • CVE-2022-23542Dec 20, 2022
    risk 0.00cvss epss 0.01

    OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in…

  • CVE-2022-39352Nov 8, 2022
    risk 0.00cvss epss 0.00

    OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a…

  • CVE-2022-39340Oct 25, 2022
    risk 0.00cvss epss 0.01

    OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA…

  • CVE-2022-39342Oct 25, 2022
    risk 0.00cvss epss 0.01

    OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything other…

  • CVE-2022-39341Oct 25, 2022
    risk 0.00cvss epss 0.01

    OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch…

Page 2 of 2