Vulnerability Description
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openfga | Openfga | < 0.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/openfga/openfga/pull/422PatchThird Party Advisory
- https://github.com/openfga/openfga/releases/tag/v0.3.1Release NotesThird Party Advisory
- https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657mThird Party Advisory
- https://github.com/openfga/openfga/pull/422PatchThird Party Advisory
- https://github.com/openfga/openfga/releases/tag/v0.3.1Release NotesThird Party Advisory
- https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657mThird Party Advisory
FAQ
What is CVE-2022-23542?
CVE-2022-23542 is a vulnerability with a CVSS score of 7.7 (HIGH). OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable t...
How severe is CVE-2022-23542?
CVE-2022-23542 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23542?
Check the references section above for vendor advisories and patch information. Affected products include: Openfga Openfga.