Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenFGA Authorization Bypass
Vulnerability Description
OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard (*) assigned to a tupleset relation (the right hand side of a ‘from’ statement). This issue has been patched in version v0.2.5. This update is not backward compatible with any authorization model that uses wildcard on a tupleset relation.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenFGA 安全漏洞
Vulnerability Description
OpenFGA是OpenFGA的为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA 0.2.5之前版本存在安全漏洞,该漏洞源于容易绕过授权。
CVSS Information
N/A
Vulnerability Type
N/A