Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2022-23542 — OpenFGA Authorization Bypass in github.com/openfga/openfga · VulnScope

CVE-2022-23542

OpenFGA Authorization Bypass in github.com/openfga/openfga

EPSS 0.42%

Description

OpenFGA Authorization Bypass in github.com/openfga/openfga

How to fix CVE-2022-23542

To remediate CVE-2022-23542, upgrade the affected package to a fixed version below.

Go/github.com/openfga/openfga—upgrade to 0.3.1 or later
Go/github.com/openfga/openfga—upgrade to 0.3.1 or later

Is CVE-2022-23542 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 0.3.0, < 0.3.1
>= 0.3.0, < 0.3.1

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-23542
PATCHgithub.com/openfga/openfga
WEBgithub.com/openfga/openfga/pull/422
WEBgithub.com/openfga/openfga/releases/tag/v0.3.1
WEB

Metadata

Published: 12/20/2022
Modified: 3/3/2026

Also known as:

GHSA-m3q4-7qmj-657mghsa
GO-2022-1179goadvisory

github.com

/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m

Go/github.com/openfga/openfga

Go/github.com/openfga/openfga