OpenFGA Authorization Bypass (Check)

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 ( openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v.1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This vulnerability is fixed in 1.9.5.

N/A

授权机制不正确

OpenFGA 安全漏洞

OpenFGA是OpenFGA开源的一款为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA v1.9.3至v1.9.4版本存在安全漏洞，该漏洞源于策略执行不当，可能导致授权绕过。

N/A

N/A