OpenFGA Authorization Bypass
Description
## Overview
Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. UPDATE: This means that the API sometimes returns more objects than it should.
## Am I Affected?
The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`.
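One way to check a deployment against the condition above, as an added example rather than code from the advisory or the OpenFGA project: it scans a model written in the OpenFGA DSL for `from` terms and combines the result with the version bound given in the overview. The sample model, the function names and the plain `vMAJOR.MINOR.PATCH` version format are assumptions, and the scan flags every `from` term because the page does not narrow the affected form further.

```python
import re

# Constructed sample model (not from the advisory), in OpenFGA DSL.
SAMPLE_MODEL = """\
model
  schema 1.1
type user
type group
  relations
    define member: [user]
type folder
  relations
    define viewer: [user, group#member]
type document
  relations
    define parent: [folder]
    define owner: [user]
    define viewer: [user] or owner or viewer from parent
"""

TYPE_LINE = re.compile(r"^\s*type\s+([\w-]+)")
DEFINE_LINE = re.compile(r"^\s*define\s+([\w-]+)\s*:\s*(.*)$")
FROM_TERM = re.compile(r"\b([A-Za-z_][\w-]*)\s+from\s+([A-Za-z_][\w-]*)")

def find_from_expressions(dsl):
    """Return (type, relation, 'x from y') for each 'from' term in the model."""
    hits, current_type = [], None
    for line in dsl.splitlines():
        if (m := TYPE_LINE.match(line)):
            current_type = m.group(1)
        elif (m := DEFINE_LINE.match(line)):
            relation, expr = m.groups()
            # Type restrictions in [...] list types, not relation terms;
            # drop them before looking for 'from' terms.
            expr = re.sub(r"\[[^\]]*\]", " ", expr)
            hits += [(current_type, relation, f"{rel} from {ts}")
                     for rel, ts in FROM_TERM.findall(expr)]
    return hits

def parse_version(version):
    # Assumes a plain vMAJOR.MINOR.PATCH string with no pre-release suffix.
    return tuple(int(part) for part in version.lstrip("v").split("."))

def needs_upgrade(version, dsl):
    """True when the server predates v1.3.1 and the model uses 'from'."""
    return parse_version(version) < (1, 3, 1) and bool(find_from_expressions(dsl))

if __name__ == "__main__":
    for hit in find_from_expressions(SAMPLE_MODEL):
        print(hit)
    print("upgrade needed on v1.3.0:", needs_upgrade("v1.3.0", SAMPLE_MODEL))
```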
## Fix
Update to v1.3.1.
## Backward Compatibility
This update is backward compatible.