CVE-2024-56323

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56323
OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses [conditions](https://openfga.dev/docs/modeling/conditions), and 2. calling Check API or ListObjects API with [contextual tuples](https://openfga.dev/docs/concepts#what-are-contextual-tuples) that include conditions and 3. OpenFGA is configured with caching enabled (`OPENFGA_CHECK_QUERY_CACHE_ENABLED`). Users are advised to upgrade to v1.8.3. There are no known workarounds for this vulnerability.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/openfga/openfga/security/advisories/GHSA-32q6-rr98-cjqv Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openfga:helm_charts:*:*:*:*:*:*:*:*
cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*
History

31 Dec 2025, 14:58

Type Values Removed Values Added
First Time Openfga helm Charts
Openfga
Openfga openfga
CPE cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*
cpe:2.3:a:openfga:helm_charts:*:*:*:*:*:*:*:*
References () https://github.com/openfga/openfga/security/advisories/GHSA-32q6-rr98-cjqv - () https://github.com/openfga/openfga/security/advisories/GHSA-32q6-rr98-cjqv - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Summary
  • (es) OpenFGA es un motor de autorización/permisos. En OpenFGA v1.3.8 a v1.8.2 (Helm chart openfga-0.1.38 a openfga-0.2.19, docker v1.3.8 a v.1.8.2) son vulnerables a la omisión de la autorización en las siguientes condiciones: 1. llamar a Check API o ListObjects con un modelo que usa [condiciones](https://openfga.dev/docs/modeling/conditions), y 2. llamar a Check API o ListObjects API con [tuplas contextuales](https://openfga.dev/docs/concepts#what-are-contextual-tuples) que incluyen condiciones y 3. OpenFGA está configurado con el almacenamiento en caché habilitado (`OPENFGA_CHECK_QUERY_CACHE_ENABLED`). Se recomienda a los usuarios que actualicen a v1.8.3. No se conocen Workarounds para esta vulnerabilidad.

13 Jan 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-13 22:15

Updated : 2025-12-31 14:58

NVD link : CVE-2024-56323

Mitre link : CVE-2024-56323

CVE.ORG link : CVE-2024-56323

JSON object : View

Products Affected

openfga

  • helm_charts
  • openfga
CWE
CWE-285

Improper Authorization