Authorization Bypass Vulnerability in OpenFGA Engine
CVE-2024-56323
What is CVE-2024-56323?
OpenFGA, an authorization and permission engine, is affected by an authorization bypass vulnerability. The issue affects versions 1.3.8 through 1.8.2 (including Helm chart openfga-0.1.38 to openfga-0.2.19 and Docker versions v1.3.8 to v1.8.2) under specific conditions. It is triggered when the Check API or ListObjects API is called with a model that uses conditions. Additionally, the vulnerability may be exploited if these APIs are invoked with contextual tuples that include conditions while caching is enabled (OPENFGA_CHECK_QUERY_CACHE_ENABLED). Users should upgrade to version 1.8.3, as there are currently no known workarounds.
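To triage a fleet against the ranges and conditions listed above, the following added example (not OpenFGA project code) checks deployment records for the affected versions and the cache setting. The record fields (`version`, `kind`, `model_uses_conditions`, `contextual_tuples_with_conditions`, `env`) and the accepted truthy values for the environment variable are assumptions made for illustration.

```python
import re

# Inclusive ranges exactly as stated in the advisory text above.
AFFECTED = {
    "server": ((1, 3, 8), (1, 8, 2)),   # OpenFGA and Docker tags v1.3.8 to v1.8.2
    "helm": ((0, 1, 38), (0, 2, 19)),   # Helm chart openfga-0.1.38 to openfga-0.2.19
}

def parse_version(text):
    """Pull (major, minor, patch) out of 'v1.8.2', 'openfga/openfga:v1.5.0' or 'openfga-0.2.19'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def in_affected_range(text, kind="server"):
    low, high = AFFECTED[kind]
    return low <= parse_version(text) <= high  # numeric compare, so 1.10.0 > 1.8.2

def cache_enabled(env):
    # Assumption: "true" or "1" (any case) means enabled; adjust to your deployment.
    return env.get("OPENFGA_CHECK_QUERY_CACHE_ENABLED", "").strip().lower() in ("true", "1")

def triage(dep):
    """Return which of the advisory's conditions a deployment record matches."""
    if not in_affected_range(dep["version"], dep.get("kind", "server")):
        return {"upgrade_required": False, "matched": []}
    matched = ["affected-version"]
    if dep.get("model_uses_conditions"):
        matched.append("model-uses-conditions")
    if dep.get("contextual_tuples_with_conditions") and cache_enabled(dep.get("env", {})):
        matched.append("conditional-contextual-tuples-with-cache")
    return {"upgrade_required": True, "matched": matched}

# Constructed inventory records, not taken from any real environment.
INVENTORY = [
    {"name": "prod", "version": "openfga/openfga:v1.5.0", "model_uses_conditions": True,
     "contextual_tuples_with_conditions": True,
     "env": {"OPENFGA_CHECK_QUERY_CACHE_ENABLED": "true"}},
    {"name": "staging", "version": "openfga-0.2.19", "kind": "helm"},
    {"name": "dev", "version": "v1.8.3", "model_uses_conditions": True},
]

if __name__ == "__main__":
    for dep in INVENTORY:
        print(dep["name"], triage(dep))
```

Any record in the affected range is marked `upgrade_required` because the advisory lists no workaround; the `matched` list only helps prioritise which deployments to upgrade first.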

