CVE-2024-43784

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 281

Summary

CVE-2024-43784 affects lakeFS, an open-source tool that converts object storage into a Git-like repository. Installations are at risk when a user who had been issued credentials is deleted and a new user is later created with the same username: the new user inherits the previous user's credentials, which poses a security threat. lakeFS has released version 1.33.0 to address the issue, and users are strongly advised to upgrade. As a temporary workaround for those unable to upgrade, avoid reusing usernames.
