CVE-2024-43784

Published Nov 26, 2024

Last updated 3 months ago

CVSS medium 5.7

Overview

Description
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.7
Impact score
4.7
Exploitability score
0.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-281

Social media

Hype score
Not currently trending

  1. CVE-2024-43784 lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been dele… https://t.co/usMe18QTZX

    @CVEnew

    26 Nov 2024

    479 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References