How severe is CVE-2024-32001?

This vulnerability has a severity rating of LOW with a CVSS score of 2.2 out of 10.

What type of vulnerability is CVE-2024-32001?

This is classified as CWE-755, which is a common weakness in software security.

CVE-2024-32001 - LOW Severity | CVSS 2.2

Vulnerability Description

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for either `folder` or `folder#parent`. This bug only manifests if the same subject type is used multiple types in a relation, relationships exist for both subject types and an arrow is used over the relation. Any user making a negative authorization decision based on the results of a LookupSubjects request with version before v1.30.1 is affected. Version 1.30.1 contains a patch for the issue. As a workaround, avoid using LookupSubjects for negative authorization decisions and/or avoid using the broken schema.

Related Vulnerabilities

CVE-2020-0382

LOW

CVSS:2.3(Low)

In RunInternal of dumpstate.cpp, there is a possible user consent bypass due to an uncaught exception. This could lead to local information disclosure of bug report data with System execution privileg...

CWE-7552020

CVE-2024-51744

LOW

CVSS:3.1(Low)

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way ...

CWE-7552024

CVE-2022-24448

LOW

CVSS:3.3(Low)

An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. I...

CWE-7552022

CVE-2023-39341

LOW

CVSS:3.3(Low)

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and version...

CWE-7552023

CVE-2024-26911

LOW

CVSS:3.3(Low)

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma...

CWE-7552024

CVE-2023-41332

LOW

CVSS:3.5(Low)

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/...

CWE-7552023