mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
64 lines
2.7 KiB
JSON
64 lines
2.7 KiB
JSON
{
|
|
"id": "CVE-2024-43784",
|
|
"sourceIdentifier": "security-advisories@github.com",
|
|
"published": "2024-11-26T21:15:07.160",
|
|
"lastModified": "2024-11-26T21:15:07.160",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "lakeFS es una herramienta de c\u00f3digo abierto que transforma el almacenamiento de objetos en un repositorio similar a Git. Los usuarios de lakeFS existentes que han emitido credenciales a usuarios que han sido eliminados se ven afectados por esta vulnerabilidad. Al crear un nuevo usuario con el mismo nombre de usuario que un usuario eliminado, ese usuario heredar\u00e1 todas las credenciales del usuario anterior. Este problema se ha solucionado en la versi\u00f3n 1.33.0 y se recomienda a todos los usuarios que actualicen. El \u00fanico workaround conocido para aquellos que no pueden actualizar es no reutilizar los nombres de usuario."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
|
|
"baseScore": 5.7,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "LOW"
|
|
},
|
|
"exploitabilityScore": 0.9,
|
|
"impactScore": 4.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security-advisories@github.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-281"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/treeverse/lakeFS/releases/tag/v1.33.0",
|
|
"source": "security-advisories@github.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-hh33-46q4-hwm2",
|
|
"source": "security-advisories@github.com"
|
|
}
|
|
]
|
|
} |