CVE-2024-43784
CVSS 3.1 Score 5.7 of 10 (medium)
Details
Published Nov 26, 2024
CWE ID 281
Summary
CVE-2024-43784 affects lakeFS, an open-source tool that converts object storage into a Git-like repository. Deployments are at risk when credentials were granted to an account that has since been deleted and a new user is then created with the same username: the new user inherits the previous user's credentials, which poses a security threat. lakeFS has released version 1.33.0 to address the issue, and users are strongly advised to upgrade. A temporary workaround for those unable to upgrade is to avoid reusing usernames.