CVE-2022-23542: Improper Authorization

December 20, 2022

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.

References

github.com/advisories/GHSA-m3q4-7qmj-657m
github.com/openfga/openfga/pull/422
github.com/openfga/openfga/releases/tag/v0.3.1
github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m
nvd.nist.gov/vuln/detail/CVE-2022-23542

Code Behaviors & Features

Detect and mitigate CVE-2022-23542 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →