OpenFGA has Improper Policy Enforcement

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result for a subsequent request. The preconditions for vulnerability are the model having relations which rely on condition evaluation and the user having caching enabled. OpenFGA v1.14.1 contains a fix.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

授权机制不正确

OpenFGA 安全漏洞

OpenFGA是OpenFGA开源的一款为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA 1.14.1之前版本存在安全漏洞，该漏洞源于在特定场景下，使用缓存条件的模型可能导致两个不同的检查请求产生相同的缓存键，从而重用早期缓存结果，可能导致授权绕过。

N/A

N/A