Is CVE-2022-23542 actively exploited?

CVE-2022-23542 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2022-23542?

CVE-2022-23542 has a CVSS score of 7.7 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L.

How do I patch CVE-2022-23542?

Patch guidance is available from openfga security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-23542.

Fix CVE-2022-23542 - HIGH openfga openfga

Description

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Attack Vector: network
Complexity: high
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low
Weaknesses: CWE-285

Metadata

Primary Vendor: OPENFGA
Published: 12/20/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

openfga : openfga

Remediation Guidance

Executive Summary

Cite this page

CVE-2022-23542. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2022-23542

View on NIST NVD

CVE-2022-23542 vulnerability