📦 OpenFGA

by OpenFGA


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2025-55213

CRITICAL CVSS 9.8 Aug 18, 2025

OpenFGA versions 1.9.3 to 1.9.4 contain an improper policy enforcement vulnerability in Check and ListObject calls. This allows attackers to bypass authorization controls and access resources they sho...

CVE-2025-46331

CRITICAL CVSS 9.8 Apr 30, 2025

OpenFGA versions 1.3.6 through 1.8.10 contain an authorization bypass vulnerability in Check and ListObject calls. This allows attackers to bypass permission checks and access unauthorized resources. ...

CVE-2025-25196

CRITICAL CVSS 9.8 Feb 19, 2025

OpenFGA versions before 1.8.5 contain an authorization bypass vulnerability that allows unauthorized access when specific Check and ListObject API calls are made under certain model configurations. Th...

CVE-2024-56323

CRITICAL CVSS 9.8 Jan 13, 2025

OpenFGA versions 1.3.8 to 1.8.2 contain an authorization bypass vulnerability when using conditions with contextual tuples and caching enabled. Attackers can bypass authorization checks to access unau...

CVE-2026-24851

HIGH CVSS 8.8 Feb 6, 2026

OpenFGA versions 1.8.5 to 1.11.2 have an improper policy enforcement vulnerability that can allow unauthorized access when specific authorization models and tuple configurations exist. The vulnerabili...

CVE-2025-64751

HIGH CVSS 8.8 Nov 21, 2025

OpenFGA versions 1.4.0 to 1.11.0 have an improper policy enforcement vulnerability in Check and ListObject calls. This allows attackers to bypass authorization controls and access resources they shoul...

CVE-2025-48371

HIGH CVSS 8.8 May 22, 2025

OpenFGA versions 1.8.0 through 1.8.12 contain an authorization bypass vulnerability in Check and ListObject API calls. Attackers can bypass intended permissions when specific conditions are met involv...

CVE-2024-42473

HIGH CVSS 7.5 Aug 12, 2024

OpenFGA versions 1.5.7 and 1.5.8 contain an authorization bypass vulnerability when using Check API with models containing 'but not' and 'from' expressions combined with usersets. This allows attacker...

CVE-2024-31452

HIGH CVSS 8.1 Apr 16, 2024

OpenFGA versions 1.5.0 to 1.5.2 contain an authorization bypass vulnerability in Check and ListObjects APIs when using models with exclusion or intersection logic. This allows attackers to bypass inte...