CVE-2024-46989: SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
(updated )
Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API.
References
- github.com/advisories/GHSA-jhg6-6qrx-38mr
- github.com/authzed/spicedb
- github.com/authzed/spicedb/commit/20855de75812bcbc975efebe7f76abf47c0f3edb
- github.com/authzed/spicedb/commit/d4ef8e1dbce1eafaf25847f4c0f09738820f5bf2
- github.com/authzed/spicedb/security/advisories/GHSA-jhg6-6qrx-38mr
- nvd.nist.gov/vuln/detail/CVE-2024-46989
Code Behaviors & Features
Detect and mitigate CVE-2024-46989 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →