admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-393xx/CVE-2022-39342.json

126 lines
4.0 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2022-39342",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-10-25T17:15:56.333",
Auto-Update: 2023-06-27T18:00:32.630488+00:00
2023-06-27 18:00:36 +00:00
"lastModified": "2023-06-27T17:27:07.260",
bootstrap
2023-04-24 12:24:31 +02:00
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset (the right hand side of a \u00e2\u20ac\u02dcfrom\u00e2\u20ac\u2122 statement) that involves anything other than a direct relationship (e.g. \u00e2\u20ac\u02dcas self\u00e2\u20ac\u2122) are vulnerable. Version 0.2.4 contains a patch for this issue."
},
{
"lang": "es",
"value": "OpenFGA es un motor de autorizaci\u00f3n/permiso. Las versiones anteriores a 0.2.4 son vulnerables a la omisi\u00f3n de la autorizaci\u00f3n bajo determinadas condiciones. Los usuarios cuyo modelo presenta una relaci\u00f3n definida como un conjunto de tuplas (el lado derecho de una declaraci\u00f3n \"from\") que implica cualquier cosa que no sea una relaci\u00f3n directa (por ejemplo, \"as self\") son vulnerables. La versi\u00f3n 0.2.4 contiene un parche para este problema"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
Auto-Update: 2023-06-27T18:00:32.630488+00:00
2023-06-27 18:00:36 +00:00
"value": "NVD-CWE-Other"
bootstrap
2023-04-24 12:24:31 +02:00
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.2.4",
"matchCriteriaId": "6C8497C4-6109-40A8-AA89-E20BF94EB4C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openfga/openfga/commit/c8db1ee3d2a366f18e585dd33236340e76e784c4",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/openfga/openfga/releases/tag/v0.2.4",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/openfga/openfga/security/advisories/GHSA-f4mm-2r69-mg5f",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue Copy Permalink