CNNVD-202601-2694 Information

CNNVD ID

CNNVD-202601-2694

Related CVE

CVE-2025-68671

• CNNVD Published: 2026-01-15

Description (Chinese)

lakeFS是Treeverse开源的一款开源工具，可将您的对象存储转换为类似 Git 的存储库。 lakeFS 1.75.0之前版本存在安全漏洞，该漏洞源于S3网关未验证经过身份验证的请求中的时间戳，可能导致重放攻击。

Description (English)

MakeFS is an open source tool for Treeverse to convert your object to a Git-like repository. There was a security loophole in the previous version of LakeFS 1.75.0, which originated from a time stamp in an unverified request at the S3 gateway, which could lead to a re-launching of the attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Treeverse

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8 https://github.com/treeverse/lakeFS/issues/9599 https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f

Patch

https://github.com/treeverse/lakeFS