CVSS 3.1 Score 3.7 of 10 (low)


Published Jun 20, 2024
CWE ID 281


CVE-2024-38361 is a vulnerability affecting Spicedb, an open-source permissions database. The issue arises when using an exclusion under an arrow with multiple resources, causing the system to report 'NO_PERMISSION' instead of the expected permission. This occurs when the user has access to view multiple folders, and the exclusion dispatcher fails to request all the folders in which the user is a member. The problem has been addressed in version 1.33.1, and users are advised to upgrade as there are no known workarounds. The risk score for this vulnerability is 5, indicating a moderate threat level.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-38361 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions