N/A

CVSS Score

Basic Information

CVE ID

CVE-2022-23542

GHSA ID

GHSA-m3q4-7qmj-657m

EPSS Score

0.07821%

CWE

CWE-285

Published

12/20/2022

Updated

1/29/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-23542

CVE-2022-23542: OpenFGA Authorization Bypass

Overview

During our internal security assessment, it was discovered that OpenFGA versions v0.3.0 is vulnerable to authorization bypass under certain conditions.

Am I Affected?

You are affected by this vulnerability if all of the following applies:

You are using OpenFGA v0.3.0
You created a model using modeling language v1.1 that applies a type restriction to an object e.g. define viewer: [user]
You created tuples based on the aforementioned model, e.g. document:1#viewer@user:jon
You updated the previous model by adding a new type and replacing the previous restriction with the newly added type e.g. define viewer: [employee]
You use the tuples created against the first model (step 3) and issue checks against the updated model e.g. user=user:jon, relation=viewer, object:document:1

How to fix that?

Upgrade to version v0.3.1

Backward Compatibility

This update is backward compatible.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2022-23542

GHSA ID

GHSA-m3q4-7qmj-657m

EPSS Score

0.07821%

CWE

CWE-285

Published

12/20/2022

Updated

1/29/2023

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/openfga/openfga	go	= 0.3.0	0.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing type restriction filters in relationship lookup functions. The GitHub PR #422 fix shows these functions were modified to add 'filter by allowed object type' logic. In v0.3.0, when checking relationships, these functions would return tuples valid under previous model versions without validating against current type restrictions, enabling authorization bypass when models were updated. The direct correlation between the vulnerability description (legacy tuples being honored after type restriction changes) and the patched code locations confirms these functions' role.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Ov*rvi*w *urin* our int*rn*l s**urity *ss*ssm*nt, it w*s *is*ov*r** t**t Op*n*** v*rsions v*.*.* is vuln*r**l* to *ut*oriz*tion *yp*ss un**r **rt*in *on*itions. ### *m I *****t**? You *r* *****t** *y t*is vuln*r**ility i* ***ll** o* t** *ollowin

Reasoning

T** vuln*r**ility st*ms *rom missin* typ* r*stri*tion *ilt*rs in r*l*tions*ip lookup *un*tions. T** *it*u* PR #*** *ix s*ows t**s* *un*tions w*r* mo*i*i** to *** '*ilt*r *y *llow** o*j**t typ*' lo*i*. In v*.*.*, w**n ****kin* r*l*tions*ips, t**s* *un

N/A

Basic Information

Concerned about an active attack path?

CVE-2022-23542: OpenFGA Authorization Bypass

Overview

Am I Affected?

How to fix that?

Backward Compatibility

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI