python · stigmem-node · Critical
stigmem-node: Missing tenant-scoped predicates in quarantine routes allow cross-tenant access
What changed
In stigmem-node multi-tenant deployments, a tenant administrator could list, read, admit, or reject quarantined facts belonging to other tenants due to missing tenant-scoped predicates in quarantine routes.
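The bug class described above, shown as an added example that is not stigmem-node's own code: a quarantine store modelled with sqlite3, comparing a lookup by id alone with list, read, and admit/reject operations that all carry the tenant predicate. The table, column, and function names are assumptions made for illustration, and the rows are constructed.

```python
import sqlite3

# Constructed schema and rows; all names here are hypothetical, not the project's.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE quarantine "
               "(id INTEGER PRIMARY KEY, tenant_id TEXT, fact TEXT, status TEXT)")
    db.executemany(
        "INSERT INTO quarantine (id, tenant_id, fact, status) VALUES (?, ?, ?, 'pending')",
        [(1, "tenant-a", "fact from A"), (2, "tenant-b", "fact from B")],
    )
    return db

# Unscoped pattern: the row is selected by id alone, so the caller's tenant
# never enters the query and any tenant's row is returned.
def get_fact_unscoped(db, fact_id):
    return db.execute(
        "SELECT id, tenant_id, fact FROM quarantine WHERE id = ?", (fact_id,)
    ).fetchone()

# Scoped pattern: caller_tenant comes from the authenticated session, never
# from the request body, and appears in every predicate.
def list_facts(db, caller_tenant):
    return db.execute(
        "SELECT id, tenant_id, fact FROM quarantine WHERE tenant_id = ? ORDER BY id",
        (caller_tenant,),
    ).fetchall()

def get_fact(db, caller_tenant, fact_id):
    return db.execute(
        "SELECT id, tenant_id, fact FROM quarantine WHERE id = ? AND tenant_id = ?",
        (fact_id, caller_tenant),
    ).fetchone()

# Admit/reject need the same predicate; no updated row means the fact does not
# exist for this tenant (or is no longer pending), and nothing changes.
def set_status(db, caller_tenant, fact_id, status):
    if status not in ("admitted", "rejected"):
        raise ValueError("status must be 'admitted' or 'rejected'")
    cur = db.execute(
        "UPDATE quarantine SET status = ? "
        "WHERE id = ? AND tenant_id = ? AND status = 'pending'",
        (status, fact_id, caller_tenant),
    )
    db.commit()
    return cur.rowcount == 1

def status_of(db, fact_id):
    return db.execute("SELECT status FROM quarantine WHERE id = ?", (fact_id,)).fetchone()[0]
```

The same cross-tenant assertions (tenant A cannot list, read, admit, or reject tenant B's row) make a useful regression test for each of the four quarantine operations the advisory names.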
Who it affects
Deployments using the opt-in stigmem-plugin-multi-tenant (multiple tenants on one node). Single-tenant deployments are not affected.
What to do today
Upgrade to version 0.9.0a12 immediately if you run a multi-tenant deployment.