Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion
Vulnerability Description
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
Vulnerability Type
权限预留不恰当
Vulnerability Title
lakeFS 安全漏洞
Vulnerability Description
lakeFS是Treeverse开源的一款开源工具,可将您的对象存储转换为类似 Git 的存储库。 lakeFS 1.31.1版本存在安全漏洞,该漏洞源于当创建的新用户使用了已删除用户的用户名时,新用户会继承原用户的所有凭证。这可能导致权限不当分配或敏感操作的执行。
CVSS Information
N/A
Vulnerability Type
N/A