x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-31452 #2729

GoVulnBot · 2024-04-16T23:01:28Z

CVE-2024-31452 references github.com/openfga/openfga, which may be a Go module.

Description:
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. a but not b) or intersection (e.g. a and b). This vulnerability is fixed in v1.5.3.

References:

Cross references:

Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-39340 #1079 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-39341 #1080 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-39342 #1081 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-39352 #1099 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2022-23542 #1179 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: GHSA-jcf2-mxr2-gmqp #2028 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2023-43645 #2084 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2023-45810 #2121 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-23820 #2477 EFFECTIVELY_PRIVATE
Module github.com/openfga/openfga appears in issue x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2023-35933 #1872

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/openfga/openfga
      vulnerable_at: 1.5.2
      packages:
        - package: openfga
cves:
    - CVE-2024-31452
references:
    - advisory: https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r
    - fix: https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-05-17T20:42:32Z

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

gopherbot · 2024-06-03T19:20:55Z

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

jba self-assigned this Apr 19, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 96f0f48 Jun 4, 2024

This was referenced Aug 9, 2024

x/vulndb: potential Go vuln in github.com/openfga/openfga: GHSA-3f6g-m4hr-59h8 #3061

Closed

x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-42473 #3062

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-31452 #2729

x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-31452 #2729

GoVulnBot commented Apr 16, 2024

gopherbot commented May 17, 2024

gopherbot commented Jun 3, 2024

x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-31452 #2729

x/vulndb: potential Go vuln in github.com/openfga/openfga: CVE-2024-31452 #2729

Comments

GoVulnBot commented Apr 16, 2024

gopherbot commented May 17, 2024

gopherbot commented Jun 3, 2024