Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenFGA Information Disclosure
Vulnerability Description
OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
OpenFGA 安全漏洞
Vulnerability Description
OpenFGA是OpenFGA的为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA 0.2.4之前版本存在安全漏洞,该漏洞源于端点没有验证授权标头,导致存储中的对象泄露。
CVSS Information
N/A
Vulnerability Type
N/A