Tag: Authorization
Problems related to authorization, such as missing or invalid credentials, or misconfigurations
| ID | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|
| CRE-2025-0045 Medium Impact: 4/10 Mitigation: 4/10 | NATS Authorization Failure Detected | The NATS server has emitted an **Authorization Violation** log entry, meaning a client attempted to connect, publish, subscribe, or perform another operation for which it lacks permission. Intermittent violations often point to misconfiguration or start-up chaos. However, sustained or widespread violations can signal credential expiry or missing secrets. | Authorization Problems | nats | NATSSecurityAuthorizationPublic |
| CRE-2025-0046 Medium Impact: 4/10 Mitigation: 4/10 | NATS Permissions Violation Detected | The NATS server has emitted an **Permission Violation** log entry, meaning a client attempted to publish or subscribe to a subject for which it lacks permission. | Authorization Problems | nats | NATSSecurityAuthorizationPublic |
| CRE-2025-0079 Critical Impact: 10/10 Mitigation: 3/10 | SpiceDB Database Corruption: Critical Table Loss | Detects catastrophic SpiceDB database corruption where critical core tables like `alembic_version` and `relation_tuple_transaction` are missing or dropped. This represents complete database corruption that renders SpiceDB unable to perform any authorization operations, causing total permission system failure. | Authorization Systems | postgresql | SpiceDBDatabase CorruptionAuthorizationPostgreSQL |
| CRE-2025-0085 High Impact: 8/10 Mitigation: 7/10 | SpiceDB Schema Validation Failures Block Authorization Updates | Detects SpiceDB schema validation failures that prevent authorization logic updates and deployments. These failures occur when invalid schema definitions are submitted, including syntax errors, circular dependencies, type conflicts, or malformed permission expressions, blocking critical authorization system updates. | Authorization Problems | spicedb | SpiceDBAuthorizationConfigurationValidationCrashStartup Failure |
| CRE-2025-0105 High Impact: 9/10 Mitigation: 3/10 | SpiceDB Datastore Startup Failure | Detects critical failures where a SpiceDB instance cannot start due to an invalid schema or an uninitialized datastore during the bootstrap process. This is a common configuration error that prevents the service from initializing and serving requests, leading to a total service outage. | Authorization Systems | spicedb | SpiceDBAuthorizationDatastoreMisconfigurationStartup Failure |