How severe is CVE-2024-46989?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-46989?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2024-46989 - LOW Severity | CVSS 3.7

Vulnerability Description

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries.

Related Vulnerabilities

CVE-2022-23485

LOW

CVSS:3.7(Low)

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow...

CWE-2692022

CVE-2024-39302

LOW

CVSS:3.7(Low)

BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigblue...

CWE-2692024

CVE-2024-51324

LOW

CVSS:3.8(Low)

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.

CWE-2692024

CVE-2024-43446

LOW

CVSS:3.5(Low)

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0...

CWE-2692024

CVE-2019-4112

MEDIUM

CVSS:4.0(Medium)

IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158105.

CWE-2692019

CVE-2019-4174

MEDIUM

CVSS:4.0(Medium)

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879.

CWE-2692019