CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39340

OpenFGA is an authorization/permission engine. Prior to version 0.2.4, the `streamed-list-objects` endpoint was not validating the authorization header, resulting in disclosure of objects in the store. Users `openfga/openfga` versions 0.2.3 and prior who are exposing the OpenFGA service to the internet are vulnerable. Version 0.2.4 contains a patch for this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.1%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2022-39340

Openfga » Openfga » Version: 0.0.1

cpe:2.3:a:openfga:openfga:0.0.1
Openfga » Openfga » Version: 0.0.2

cpe:2.3:a:openfga:openfga:0.0.2
Openfga » Openfga » Version: 0.1.0

cpe:2.3:a:openfga:openfga:0.1.0
Openfga » Openfga » Version: 0.1.1

cpe:2.3:a:openfga:openfga:0.1.1
Openfga » Openfga » Version: 0.1.10

cpe:2.3:a:openfga:openfga:0.1.10
Openfga » Openfga » Version: 0.1.11

cpe:2.3:a:openfga:openfga:0.1.11
Openfga » Openfga » Version: 0.1.12

cpe:2.3:a:openfga:openfga:0.1.12
Openfga » Openfga » Version: 0.1.13

cpe:2.3:a:openfga:openfga:0.1.13
Openfga » Openfga » Version: 0.1.14

cpe:2.3:a:openfga:openfga:0.1.14
Openfga » Openfga » Version: 0.1.15

cpe:2.3:a:openfga:openfga:0.1.15
Openfga » Openfga » Version: 0.1.16

cpe:2.3:a:openfga:openfga:0.1.16
Openfga » Openfga » Version: 0.1.17

cpe:2.3:a:openfga:openfga:0.1.17
Openfga » Openfga » Version: 0.1.18

cpe:2.3:a:openfga:openfga:0.1.18
Openfga » Openfga » Version: 0.1.19

cpe:2.3:a:openfga:openfga:0.1.19
Openfga » Openfga » Version: 0.1.2

cpe:2.3:a:openfga:openfga:0.1.2
Openfga » Openfga » Version: 0.1.20

cpe:2.3:a:openfga:openfga:0.1.20
Openfga » Openfga » Version: 0.1.21

cpe:2.3:a:openfga:openfga:0.1.21
Openfga » Openfga » Version: 0.1.22

cpe:2.3:a:openfga:openfga:0.1.22
Openfga » Openfga » Version: 0.1.23

cpe:2.3:a:openfga:openfga:0.1.23
Openfga » Openfga » Version: 0.1.24

cpe:2.3:a:openfga:openfga:0.1.24
Openfga » Openfga » Version: 0.1.25

cpe:2.3:a:openfga:openfga:0.1.25
Openfga » Openfga » Version: 0.1.26

cpe:2.3:a:openfga:openfga:0.1.26
Openfga » Openfga » Version: 0.1.27

cpe:2.3:a:openfga:openfga:0.1.27
Openfga » Openfga » Version: 0.1.28

cpe:2.3:a:openfga:openfga:0.1.28
Openfga » Openfga » Version: 0.1.29

cpe:2.3:a:openfga:openfga:0.1.29
Openfga » Openfga » Version: 0.1.3

cpe:2.3:a:openfga:openfga:0.1.3
Openfga » Openfga » Version: 0.1.30

cpe:2.3:a:openfga:openfga:0.1.30
Openfga » Openfga » Version: 0.1.31

cpe:2.3:a:openfga:openfga:0.1.31
Openfga » Openfga » Version: 0.1.32

cpe:2.3:a:openfga:openfga:0.1.32
Openfga » Openfga » Version: 0.1.33

cpe:2.3:a:openfga:openfga:0.1.33
Openfga » Openfga » Version: 0.1.34

cpe:2.3:a:openfga:openfga:0.1.34
Openfga » Openfga » Version: 0.1.35

cpe:2.3:a:openfga:openfga:0.1.35
Openfga » Openfga » Version: 0.1.36

cpe:2.3:a:openfga:openfga:0.1.36
Openfga » Openfga » Version: 0.1.37

cpe:2.3:a:openfga:openfga:0.1.37
Openfga » Openfga » Version: 0.1.38

cpe:2.3:a:openfga:openfga:0.1.38
Openfga » Openfga » Version: 0.1.39

cpe:2.3:a:openfga:openfga:0.1.39
Openfga » Openfga » Version: 0.1.4

cpe:2.3:a:openfga:openfga:0.1.4
Openfga » Openfga » Version: 0.1.40

cpe:2.3:a:openfga:openfga:0.1.40
Openfga » Openfga » Version: 0.1.41

cpe:2.3:a:openfga:openfga:0.1.41
Openfga » Openfga » Version: 0.1.5

cpe:2.3:a:openfga:openfga:0.1.5
Openfga » Openfga » Version: 0.1.6

cpe:2.3:a:openfga:openfga:0.1.6
Openfga » Openfga » Version: 0.1.7

cpe:2.3:a:openfga:openfga:0.1.7
Openfga » Openfga » Version: 0.1.8

cpe:2.3:a:openfga:openfga:0.1.8
Openfga » Openfga » Version: 0.1.9

cpe:2.3:a:openfga:openfga:0.1.9
Openfga » Openfga » Version: 0.2.0

cpe:2.3:a:openfga:openfga:0.2.0
Openfga » Openfga » Version: 0.2.1

cpe:2.3:a:openfga:openfga:0.2.1
Openfga » Openfga » Version: 0.2.2

cpe:2.3:a:openfga:openfga:0.2.2
Openfga » Openfga » Version: 0.2.3

cpe:2.3:a:openfga:openfga:0.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39340

Products

Pricing

Contact Us