CNNVD-202509-1049 Information
CNNVD ID
CNNVD-202509-1049
Related CVE
- CNNVD Published: 2025-09-08
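Description (translated from Chinese)
Fides is an open-source privacy engineering platform open-sourced by Ethyca, used to manage the fulfillment of data privacy requests in runtime environments and the enforcement of privacy regulations in code. Fides versions prior to 2.69.1 have a security vulnerability that stems from privilege escalation in the OAuth client creation and update endpoints.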
Description (English)
Fides is an open-source privacy engineering platform from Ethyca for managing the fulfillment of data privacy requests in runtime environments and the enforcement of privacy regulations in code. Versions of Fides before 2.69.1 contain a security vulnerability caused by privilege escalation in the OAuth client creation and update endpoints.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Ethyca
Published
2025-09-08
Last Modified
2026-02-24
References
https://github.com/ethyca/fides/releases/tag/2.69.1
https://github.com/ethyca/fides/security/advisories/GHSA-hjfh-p8f5-24wr
https://github.com/ethyca/fides/commit/2ffd125e1089a09b84c27fb5279a05960cbf2452
https://access.redhat.com/security/cve/cve-2025-57817
Patch
https://github.com/ethyca/fides/releases