CVE-2023-45810

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 17, 2023

Updated: Oct 25, 2023

CWE ID 400

Summary

CVE-2023-45810 affects OpenFGA, an authorization/permission engine, causing a denial of service issue. In certain scenarios, multiple `ListObjects` calls fail to release resources after sending responses, leading to service unresponsiveness with high call volumes. Version 1.3.4 addresses this vulnerability, which is backwards compatible, and no known workarounds exist.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenFGA

Affected Vendors

Openfga

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s_pn0e
https://www.cve.org/CVERecord?id=CVE-2023-45810
https://nvd.nist.gov/vuln/detail/CVE-2023-45810

Back to Vulnerability Database