CVE-2024-31452

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Apr 16, 2024

Updated: Apr 17, 2024

CWE ID 863

Summary

CVE-2024-31452 is a vulnerability affecting OpenFGA, a high-performance authorization engine. Versions 1.5.0 and later are susceptible to authorization bypass when using the Check or ListObjects APIs. This issue is particularly relevant for models involving exclusion or intersection logic. If your model employs such logic, you may be at risk. The vulnerability has been rectified in OpenFGA v1.5.3.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vbtOa_
https://www.cve.org/CVERecord?id=CVE-2024-31452
https://nvd.nist.gov/vuln/detail/CVE-2024-31452

Back to Vulnerability Database

CVE-2024-31452

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations