Home > Vulnerability Database > CVE-2024-31452

Mend.io Vulnerability Database

CVE-2024-31452

Good to know:

Date: April 16, 2024

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. `a but not b`) or intersection (e.g. `a and b`). This vulnerability is fixed in v1.5.3.

Language: Go

Severity Score

8.1

Related Resources (5)

Url: https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2

Url: https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31452

Url: https://github.com/openfga/openfga

Url: https://www.mend.io/vulnerability-database/CVE-2024-31452

Severity Score

8.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v1.5.3

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31452

Good to know:

Date: April 16, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?