Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
Vulnerability Description
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union (+) and that union references the same relation on both sides (but one side arrows to a different permission). Then SpiceDB may have missing LookupResources results when checking the permission. This only affects LookupResources; other APIs calculate permissionship correctly. The issue is fixed in version 1.47.1.
CVSS Information
N/A
Vulnerability Type
不安全的继承权限
Vulnerability Title
SpiceDB 安全漏洞
Vulnerability Description
SpiceDB是Authzed团队的一个细粒度权限数据库。 SpiceDB 1.47.1之前版本存在安全漏洞,该漏洞源于权限定义不当,可能导致LookupResources结果缺失。
CVSS Information
N/A
Vulnerability Type
N/A