What is CVE-2022-21646?

CVE-2022-21646 is a high-severity vulnerability in Authzed Spicedb, classified under CWE-155. CVSS score: 8.1/10. Published 2022-01-11.

How severe is CVE-2022-21646?

High severity. CVSS v3 base score is 8.1 out of 10.

Improper input validation in Authzed Spicedb

CVE-2022-21646

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`Look…

EPSS: 0.004 (58.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Authzed Spicedb — versions = 1.3.0

Weakness classification (CWE)

References

github.com/authzed/spicedb/security/advisories/GHSA-7p8f-8hjm-wm92 (x_refsource_CONFIRM)
github.com/authzed/spicedb/issues/358 (x_refsource_MISC)
github.com/authzed/spicedb/commit/15bba2e2d2a4bda336a37a7fe8ef8a35028cd970 (x_refsource_MISC)
github.com/authzed/spicedb/releases/tag/v1.4.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-21646?: CVE-2022-21646 is a high-severity vulnerability in Authzed Spicedb, classified under CWE-155. CVSS score: 8.1/10. Published 2022-01-11.
How severe is CVE-2022-21646?: High severity. CVSS v3 base score is 8.1 out of 10.