OpenFGA Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in OpenFGA versions from 1.3.8 up to but not including 1.8.3; the Helm chart versions from openfga-0.1.38 up to but not including openfga-0.2.19 and the Docker image versions from 1.3.8 up to but not including 1.8.2 are affected as well. The vulnerability is triggered when the Check API or ListObjects API is called with an authorization model that includes conditions and OpenFGA is configured with caching enabled. Under these circumstances, authorization can be bypassed by manipulating contextual tuples that include conditions.

Impact

Exploiting this vulnerability can lead to unauthorized access or actions, as the authorization checks are improperly bypassed, allowing users to access or manipulate resources they should not be able to.

Remediation

Users are advised to upgrade OpenFGA to version 1.8.3, which is backwards compatible.
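As an added triage example (not part of the advisory or of the OpenFGA project), the script below encodes the affected ranges stated above and flags deployments that still need the upgrade; note that the Docker image range ends at 1.8.2 while the server range ends at 1.8.3. The inventory, host names and version strings are constructed.

```python
"""Flag OpenFGA deployments that fall inside the advisory's affected ranges."""

def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '1.8.2', 'v1.8.2' or 'openfga-0.2.19' into a comparable tuple."""
    core = text.strip().lower()
    if core.startswith("openfga-"):          # Helm chart naming from the advisory
        core = core[len("openfga-"):]
    core = core.lstrip("v")                   # common Docker/Git tag prefix
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        # Pre-release or build-suffixed versions are deliberately rejected so a
        # string like '1.8.3-rc1' is triaged by hand rather than silently passed.
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


# Ranges from the advisory, as [first affected, first fixed) pairs.
AFFECTED = {
    "server": (parse_version("1.3.8"), parse_version("1.8.3")),
    "helm": (parse_version("openfga-0.1.38"), parse_version("openfga-0.2.19")),
    "docker": (parse_version("1.3.8"), parse_version("1.8.2")),
}


def is_affected(component: str, version: str) -> bool:
    """True when the version is inside the half-open affected range for its component."""
    low, high = AFFECTED[component]
    return low <= parse_version(version) < high


def triage(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return the names of deployments that need the upgrade, in inventory order."""
    return [name for name, component, version in inventory if is_affected(component, version)]


# Constructed sample inventory: (deployment name, component kind, version). Not real hosts.
SAMPLE_INVENTORY = [
    ("authz-prod", "server", "v1.8.2"),          # last vulnerable server release
    ("authz-staging", "helm", "openfga-0.2.19"), # first fixed chart
    ("authz-dev", "docker", "1.3.7"),            # predates the affected range
    ("authz-legacy", "docker", "1.7.0"),         # inside the Docker range
]

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: affected, upgrade to OpenFGA 1.8.3")
```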

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          1.4
impact          5.0
exploitability  4.5
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.