Skip to content

STREAM Internal Documentation

SEC-0002: Tenant Authentication Cache Fix

STREAM Internal Documentation

Home
Development
Development
- Setup
- Tools
- Workflow
- Helpers
- stream-docs
Architecture
Architecture
- System
- Database
- Decisions
  Decisions
Flows
Flows
Kubernetes
Kubernetes
- NATS
  NATS
  - Overview
  - Setup
Security
Security
- Log
  Log
  - SEC-0001: PoP Authentication
  - SEC-0002: Tenant Authentication SEC-0002: Tenant Authentication
    On this page
    
    Problem
    
    Fix
    
    Files

SEC-0002: Tenant Authentication Cache Fix

Date	Author	Severity
2026-03-18	Fabian Beyerlein	HIGH

Problem

Tenant Authentication Repository did not verify tenant association of stored sessions

User A from Tenant A could have used his session on Tenant B if it was cached, even though they do not belong to Tenant B

Fix

Store OrgID in cache entry
Verify OrgID in cache entry against the accessed OrgID upon retrieval

Files

backend/apps/solaris/modules/authtenant/infra/ent/cached_basic_repo.go