OpenFGA denial of service
CVE-2023-45810

5.3MEDIUM

Key Information:

Vendor: Openfga
Status: Openfga
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-45810?

OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability.

Affected Version(s)

openfga < 1.3.4

References

https://github.com/openfga/openfga/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Oct 13, 2023

Openfga

What is CVE-2023-45810?

Affected Version(s)

References

CVSS V3.1

Timeline