漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Vulnerability Description
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
不恰当实现的标准安全检查
Vulnerability Title
SpiceDB 安全特征问题漏洞
Vulnerability Description
SpiceDB是Authzed团队的一个细粒度权限数据库。 SpiceDB 1.44.2之前版本存在安全特征问题漏洞,该漏洞源于涉及箭头关系的模式评估问题,可能导致错误响应。
CVSS Information
N/A
Vulnerability Type
N/A