OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-25T19:46:40.700Z
Updated: 2024-08-02T18:38:50.698Z
Reserved: 2023-08-16T18:24:02.391Z
Link: CVE-2023-40579
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-25T20:15:08.800
Modified: 2023-08-31T17:39:36.077
Link: CVE-2023-40579
Redhat
No data.