Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Vulnerability Description
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
不恰当实现的标准安全检查
Vulnerability Title
SpiceDB 安全特征问题漏洞
Vulnerability Description
SpiceDB是Authzed团队的一个细粒度权限数据库。 SpiceDB 1.44.2之前版本存在安全特征问题漏洞,该漏洞源于涉及箭头关系的模式评估问题,可能导致错误响应。
CVSS Information
N/A
Vulnerability Type
N/A