Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenFGA has Improper Policy Enforcement
Vulnerability Description
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result for a subsequent request. The preconditions for vulnerability are the model having relations which rely on condition evaluation and the user having caching enabled. OpenFGA v1.14.1 contains a fix.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenFGA 安全漏洞
Vulnerability Description
OpenFGA是OpenFGA开源的一款为开发人员构建并受 Google Zanzibar 启发的高性能和灵活的授权/许可引擎。 OpenFGA 1.14.1之前版本存在安全漏洞,该漏洞源于在特定场景下,使用缓存条件的模型可能导致两个不同的检查请求产生相同的缓存键,从而重用早期缓存结果,可能导致授权绕过。
CVSS Information
N/A
Vulnerability Type
N/A