cvelist/2022/39xxx/CVE-2022-39342.json
advisory-database[bot] 01f3ffe719
Add CVE-2022-39342 for GHSA-f4mm-2r69-mg5f
2022-10-24 21:35:51 +00:00



{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-39342",
"STATE": "PUBLIC",
"TITLE": "OpenFGA Authorization Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openfga",
"version": {
"version_data": [
{
"version_value": "< 0.2.4"
}
]
}
}
]
},
"vendor_name": "openfga"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right-hand side of a 'from' statement) that involves anything other than a direct relationship (e.g. 'as self') are vulnerable. Version 0.2.4 contains a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openfga/openfga/security/advisories/GHSA-f4mm-2r69-mg5f",
"refsource": "CONFIRM",
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-f4mm-2r69-mg5f"
},
{
"name": "https://github.com/openfga/openfga/commit/c8db1ee3d2a366f18e585dd33236340e76e784c4",
"refsource": "MISC",
"url": "https://github.com/openfga/openfga/commit/c8db1ee3d2a366f18e585dd33236340e76e784c4"
},
{
"name": "https://github.com/openfga/openfga/releases/tag/v0.2.4",
"refsource": "MISC",
"url": "https://github.com/openfga/openfga/releases/tag/v0.2.4"
}
]
},
"source": {
"advisory": "GHSA-f4mm-2r69-mg5f",
"discovery": "UNKNOWN"
}
}