Security Advisories

CVE-2024-56323

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-56323

CGA ID

CGA-8hvh-pvhw-74c7

Severity

Unknown

Summary

OpenFGA Authorization Bypass

Description

Overview

OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v1.8.2) is vulnerable to authorization bypass when certain Check and ListObjects calls are executed.

Am I Affected?

You are affected by this authorization bypass vulnerability if you are using OpenFGA v1.3.8 to v1.8.2, specifically under the following conditions:

  1. The Check API or ListObjects API is called with a model that uses conditions, and
  2. OpenFGA is configured with caching enabled (OPENFGA_CHECK_QUERY_CACHE_ENABLED), and
  3. The Check API or ListObjects API calls contain contextual tuples that include conditions.

Fix

Upgrade to v1.8.3. This upgrade is backwards compatible.
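An added triage helper (not Chainguard's or OpenFGA's code) that encodes the three exposure conditions and the affected range from the "Am I Affected?" section above, plus the fixed release from the Fix section. The model and contextual-tuple conditions must be supplied by the operator from their own authorization model and client calls; the cache flag is read from OPENFGA_CHECK_QUERY_CACHE_ENABLED, and the version tag is whatever the deployment reports.

```python
"""Advisory triage for CVE-2024-56323: does a deployment meet every condition?"""
import os
import re
from typing import Optional, Tuple

# Affected range and fixed release, taken from the advisory text.
AFFECTED_MIN = (1, 3, 8)
AFFECTED_MAX = (1, 8, 2)
FIXED_VERSION = (1, 8, 3)
CACHE_ENV = "OPENFGA_CHECK_QUERY_CACHE_ENABLED"


def parse_version(tag: str) -> Tuple[int, int, int]:
    """Accept 'v1.8.2', '1.8.2' or the advisory's own 'v.1.8.2' spelling."""
    m = re.fullmatch(r"v?\.?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if not m:
        raise ValueError(f"unrecognised OpenFGA version tag: {tag!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def env_flag_enabled(value: Optional[str]) -> bool:
    """Interpret a boolean-style environment variable value ('true', '1', 'yes', ...)."""
    return (value or "").strip().lower() in {"1", "true", "t", "yes", "y", "on"}


def version_in_affected_range(tag: str) -> bool:
    """True for v1.3.8 through v1.8.2 inclusive; v1.8.3 and later carry the fix."""
    return AFFECTED_MIN <= parse_version(tag) <= AFFECTED_MAX


def is_affected(tag: str, cache_enabled: bool, model_uses_conditions: bool,
                contextual_tuples_have_conditions: bool) -> bool:
    """All three advisory conditions must hold, on a vulnerable release, to be exposed."""
    return (version_in_affected_range(tag) and cache_enabled
            and model_uses_conditions and contextual_tuples_have_conditions)


def recommendation(tag: str, cache_enabled: bool, model_uses_conditions: bool,
                   contextual_tuples_have_conditions: bool) -> str:
    """Short verdict; the only fix the advisory gives is upgrading to v1.8.3."""
    if is_affected(tag, cache_enabled, model_uses_conditions, contextual_tuples_have_conditions):
        return "affected: upgrade to v%d.%d.%d (backwards compatible)" % FIXED_VERSION
    if version_in_affected_range(tag):
        return "vulnerable release, but not all exposure conditions hold: upgrade anyway"
    return "not affected"


if __name__ == "__main__":
    # Constructed sample: an operator on v1.8.2 whose model and client calls use conditions.
    cache_on = env_flag_enabled(os.environ.get(CACHE_ENV))
    print(recommendation("v1.8.2", cache_on, True, True))
```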

References

  • https://images.chainguard.dev/security/CGA-8hvh-pvhw-74c7

Affected packages

