CVE-2024-42473

Summary

CVE-2024-42473 affects OpenFGA, an authorization engine, where versions 1.5.7 and 1.5.8 are susceptible to authorization bypass. This occurs when calling the Check API with specific model configurations, involving "but not" and "from" expressions, alongside a userset. Users are advised to downgrade to version 1.5.6 as an immediate solution, which is backward compatible. A patch is not currently available, but one is planned for future releases by OpenFGA's maintainers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.