CVE-2026-45831

ChromaDB · ChromaDB Python project

The SimpleRBACAuthorizationProvider in ChromaDB does not validate the tenant, database or collection that a request targets, leading to cross-tenant authorization bypass.

Executive summary

A high-severity authorization logic error in the ChromaDB SimpleRBACAuthorizationProvider allows for cross-tenant unauthorized actions, potentially compromising sensitive multi-tenant data.

Vulnerability

The SimpleRBACAuthorizationProvider checks whether the caller holds the required permission (for example, write access to a collection) but does not verify that the permission applies to the tenant, database or collection named in the request. Any authenticated user who holds a permission within their own scope can therefore exercise that same permission against resources belonging to another tenant.
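The bug class, shown as an added illustration rather than ChromaDB's own provider code: an unscoped check that compares only the action name beside a scoped check that also requires the grant's tenant/database/collection to cover the target. The Resource and Grant types, the ROLES table and the action names are assumptions made for this example.

```python
# Added illustration of the bug class described above. This is not ChromaDB's
# SimpleRBACAuthorizationProvider; the Resource/Grant types, the ROLES table and
# the action names are assumptions made for this example.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Resource:
    """A target in the tenant -> database -> collection hierarchy."""
    tenant: str
    database: Optional[str] = None
    collection: Optional[str] = None


@dataclass(frozen=True)
class Grant:
    """One permission together with the scope it was granted for."""
    action: str
    scope: Resource


# Hypothetical role table. alice and mallory hold the same action name but in
# different tenants; only the scope distinguishes them.
ROLES: Dict[str, List[Grant]] = {
    "alice": [Grant("collection:write", Resource("acme", "prod"))],
    "mallory": [Grant("collection:write", Resource("evil-corp", "prod"))],
    "auditor": [Grant("collection:read", Resource("acme"))],  # tenant-wide read
}


def is_authorized_unscoped(user: str, action: str, target: Resource) -> bool:
    """Vulnerable pattern: the decision depends only on the action name, so a
    permission granted in one tenant is honoured against every tenant. The
    target parameter is accepted but never consulted."""
    return any(g.action == action for g in ROLES.get(user, []))


def scope_covers(scope: Resource, target: Resource) -> bool:
    """True if the grant's scope contains the target. Levels left unset in the
    scope act as wildcards for everything beneath them; a level that is set
    must match exactly, and a target that omits a level the scope requires is
    denied (fail closed)."""
    if scope.tenant != target.tenant:
        return False
    if scope.database is not None and scope.database != target.database:
        return False
    if scope.collection is not None and scope.collection != target.collection:
        return False
    return True


def is_authorized_scoped(user: str, action: str, target: Resource) -> bool:
    """Fixed pattern: the action must match AND the grant's scope must cover
    the requested tenant/database/collection."""
    return any(
        g.action == action and scope_covers(g.scope, target)
        for g in ROLES.get(user, [])
    )


if __name__ == "__main__":
    victim = Resource("acme", "prod", "customers")
    # mallory holds collection:write only in evil-corp, yet the unscoped check passes.
    print("unscoped:", is_authorized_unscoped("mallory", "collection:write", victim))  # True
    print("scoped:  ", is_authorized_scoped("mallory", "collection:write", victim))    # False
```

The scoped check deliberately denies when the target omits a level the grant pins down (a database-scoped grant does not cover a bare tenant-level request), so the fix does not reintroduce a wildcard by accident.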

Business impact

The CVSS score of 8.8 reflects the high risk of unauthorized data access and manipulation. An attacker holding a valid account in one tenant could read, modify or delete collections belonging to other tenants, exposing or corrupting data that those users or organizations rely on the deployment to keep isolated.

Remediation

Immediate Action: Upgrade to a ChromaDB release in which the authorization provider validates the tenant, database and collection of every request rather than the permission name alone.

Proactive Monitoring: Review authorization logs for requests that reference a tenant, database or collection outside the requesting user's assignment. Cross-tenant requests that were allowed indicate the flaw has been exercised; denied ones indicate probing.
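One way to run that review, as an added example that is not part of the advisory or of ChromaDB: scan audit records against a user-to-tenant assignment table and separate allowed cross-tenant operations (the bypass being exercised) from denied ones (attempts). The JSON-lines layout, the field names and the USER_TENANT table are constructed for this example and are not ChromaDB's log format.

```python
# Added detection example for the monitoring step above. The JSON-lines audit
# layout, the field names and the USER_TENANT assignment table are all
# constructed for this example; they are not ChromaDB's log format.
import json
from typing import Dict, List

# Which tenant each account belongs to (in practice, from the IdP or RBAC config).
USER_TENANT: Dict[str, str] = {"alice": "acme", "mallory": "evil-corp"}

# Constructed audit records. Line 3 is an allowed cross-tenant write (the bug
# being exercised), line 4 a denied cross-tenant read (a probe), line 5 an
# account missing from the assignment table.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","user":"alice","action":"collection:write","tenant":"acme","database":"prod","collection":"customers","result":"allow"}
{"ts":"2024-01-01T10:00:05Z","user":"mallory","action":"collection:write","tenant":"evil-corp","database":"prod","collection":"notes","result":"allow"}
{"ts":"2024-01-01T10:01:00Z","user":"mallory","action":"collection:write","tenant":"acme","database":"prod","collection":"customers","result":"allow"}
{"ts":"2024-01-01T10:01:30Z","user":"mallory","action":"collection:read","tenant":"acme","database":"prod","collection":"customers","result":"deny"}
{"ts":"2024-01-01T10:02:00Z","user":"bob","action":"collection:read","tenant":"acme","database":"prod","collection":"customers","result":"allow"}
"""


def find_cross_tenant_events(log_text: str, user_tenant: Dict[str, str]) -> List[dict]:
    """Flag every record whose target tenant differs from the user's assigned
    tenant, plus records from users with no assignment (they cannot be judged
    and need review). Malformed lines are reported rather than silently
    skipped so a gap in the log is visible."""
    findings: List[dict] = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        if not raw.strip():
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            findings.append({"line": lineno, "reason": "unparseable"})
            continue
        user = ev.get("user")
        home = user_tenant.get(user)
        if home is None:
            findings.append({"line": lineno, "user": user, "reason": "unknown-user"})
            continue
        if ev.get("tenant") != home:
            findings.append({
                "line": lineno, "user": user, "reason": "cross-tenant",
                "home": home, "target": ev.get("tenant"),
                "action": ev.get("action"), "result": ev.get("result"),
            })
    return findings


def exploitation_indicators(findings: List[dict]) -> List[dict]:
    """Cross-tenant requests that were ALLOWED are evidence the bypass was
    exercised; denied ones are attempts worth alerting on, not breaches."""
    return [f for f in findings
            if f["reason"] == "cross-tenant" and f.get("result") == "allow"]


if __name__ == "__main__":
    found = find_cross_tenant_events(SAMPLE_LOG, USER_TENANT)
    for f in found:
        print(f)
    print("exercised:", exploitation_indicators(found))
```

Run it over the real log export once the field names are mapped to whatever the deployment actually records; the distinction that matters for incident scoping is the result field, since a denied cross-tenant request tells you who is probing while an allowed one tells you which tenant's data to treat as compromised.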

Compensating Controls: Until the patch is deployed, enforce scoping outside ChromaDB, for example with an authorization proxy in front of the API that rejects requests whose tenant or database does not match the authenticated user's assignment, or with database-level access controls where the deployment supports them.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is a failure of a basic access-control invariant: a permission must remain bound to the resource it was granted for. Administrators should treat the update as high priority to prevent cross-tenant data corruption or exposure, and should confirm after upgrading that the authorization provider validates the tenant, database and collection of each request.