What is CVE-2023-35930?

CVE-2023-35930 is a low-severity vulnerability in Authzed Spicedb, classified under Improper Control of Dynamically-Managed Code Resources. CVSS score: 3.7/10. Published 2023-06-26.

How severe is CVE-2023-35930?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Authzed Spicedb

CVE-2023-35930

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request…

EPSS: 0.002 (38.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Authzed Spicedb — versions = 1.22.0

Weakness classification (CWE)

CWE-913 — Improper Control of Dynamically-Managed Code Resources

References

https://github.com/authzed/spicedb/security/advisories/GHSA-m54h-5x5f-5m6r (x_refsource_CONFIRM)
https://github.com/authzed/spicedb/pull/1397 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-35930?: CVE-2023-35930 is a low-severity vulnerability in Authzed Spicedb, classified under Improper Control of Dynamically-Managed Code Resources. CVSS score: 3.7/10. Published 2023-06-26.
How severe is CVE-2023-35930?: Low severity. CVSS v3 base score is 3.7 out of 10.