Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openfga openfga vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-23542
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it exists that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version ...
Openfga Openfga
9.8
CVSSv3
CVE-2022-39352
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions before 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset...
Openfga Openfga
9.8
CVSSv3
CVE-2022-39341
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Version 0.2.4 contains a patch ...
Openfga Openfga
9.8
CVSSv3
CVE-2022-39342
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a ‘from’ statement) that involves anything ot...
Openfga Openfga
7.5
CVSSv3
CVE-2023-45810
OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasi...
Openfga Openfga
7.5
CVSSv3
CVE-2023-35933
OPenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are af...
Openfga Openfga
6.5
CVSSv3
CVE-2024-23820
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions before 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those call...
Openfga Openfga
6.5
CVSSv3
CVE-2023-40579
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with sp...
Openfga Openfga
5.9
CVSSv3
CVE-2023-43645
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call...
Openfga Openfga
5.3
CVSSv3
CVE-2022-39340
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA ...
Openfga Openfga
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »