GHSA-xph7-9rjv-w5frHighCVSS 8.8
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the...
🔗 CVE IDs covered (1)
📋 Description
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions.