OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

授权机制不恰当

OpenFGA 授权问题漏洞

OpenFGA是OpenFGA的为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA 0.3.1之前版本存在授权问题漏洞，该漏洞源于在某些情况下容易被授权绕过。

N/A

N/A