CNNVD-202511-480 Information

CNNVD ID

CNNVD-202511-480

Related CVE

CVE-2025-64179

• CNNVD Published: 2025-11-06

Description (Chinese)

lakeFS是Treeverse开源的一款开源工具，可将您的对象存储转换为类似 Git 的存储库。 lakeFS 1.69.0及之前版本存在安全漏洞，该漏洞源于/api/v1/usage-report/summary端点缺少身份验证，可能导致检索API使用计数信息。

Description (English)

MakeFS is an open source tool for Treeverse to convert your object to a Git-like repository. MakeFS 1.69.0 and previous versions contain a security loophole, which stems from the lack of identification of the end point/api/v1/usage-report/summary, which may lead to the retrieval of API count information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Treeverse

Published

2025-11-06

Last Modified

2026-02-24

References

https://github.com/treeverse/lakeFS/security/advisories/GHSA-h238-5mwf-8xw8 https://github.com/treeverse/lakeFS/commit/1c8adab852dac2387fcb00a256402b308a610c60 https://access.redhat.com/security/cve/cve-2025-64179

Patch

https://lakefs.io/