API Security Blog

OpenFGA Authorization Bypass

Overview

OpenFGA v1.5.7 and v1.5.8 are vulnerable to authorization bypass when calling the Check API with a model that uses "but not" and "from" expressions and a userset.

Fix

Downgrade to v1.5.6 as soon as possible. This downgrade is backward compatible. We are currently working on a fix which will be included in the next…
