Strix
26.1K

CVE-2024-31452

CRITICALCVSS 9.8/10EPSS 0.66%

Last modified

CVE-2024-31452 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. `a but not b`) or intersection (e.g. `a and b`). This vulnerability is fixed in v1.5.3.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.66%

46.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
OpenfgaOpenfga>= 1.5.0, < 1.5.3

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-31452?
OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. `a but not b`) or intersection (e.g. `a and b`). This vulnerability is fixed in v1.5.3.
How severe is CVE-2024-31452?
CVE-2024-31452 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.
How do I fix CVE-2024-31452?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-31452?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST