Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries.
LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. An attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the request is intended to expire.
Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime.
An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue.
Existing lakeFS users who have issued credentials to users who have been deleted. Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion.
Impact A bug in permissions validation allows a user with the ci:ReadAction permission to skip read checks when copying an object. If they additionally have read and write permission to path in the repository, they can copy an otherwise unreadable object and read it. In order to be affected and exploitable, the following conditions must ALL occur on the same user: ci:ReadAction enabled for the repository. Predefined policies RepoManagementRead and …
This advisory duplicates another.
Impact When lakeFS is configured with ALL of the following: Configuration option auth.encrypt.secret_key passed through environment variable Actions enabled via configuration option actions.enabled (default enabled) then a user who can configure an action can impersonate any other user. Patches Has the problem been patched? What versions should users upgrade to? Workarounds ANY ONE of these is sufficient to prevent the issue: Do not pass auth.encrypt.secret_key through an environment variable. For …
Impact S3 credentials are logged in plain text S3Creds:{Key:AKIAIOSFODNN7EXAMPLE Secret:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY appears as part of the log message: time="2023-05-12T13:51:52Z" level=error msg="failed to perform diff" func="pkg/plugins/diff.(*Service).RunDiff" file="build/pkg/plugins/diff/service.go:124" error="rpc error: code = Canceled desc = stream terminated by RST_STREAM with error code: CANCEL" host="localhost:8000" method=GET operation_id=OtfDiff params="{TablePaths:{Left:{Ref:data_load@ Path:aggs/agg_variety/} Right:{Ref:data_load Path:aggs/agg_variety/} Base:{Ref: Path:}} S3Creds:{Key:AKIAIOSFODNN7EXAMPLE Secret:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Endpoint:http://0.0.0.0:8000} Repo:example}" path="/api/v1/repositories/example/otf/refs/data_load%40/diff/data_load?table_path=aggs%2Fagg_variety%2F&type=delta" request_id=d3b6fdc7-2544-4c12-8e05-376f16e35a80 service_name=rest_api type=delta user=docker Discovered when investigating #5862 Patches Has the problem been patched? What versions …
Impact The browser renders the resulting HTML when opening a direct link to an HTML file via lakeFS. Any JavaScript within that page is executed within the context of the domain lakeFS is running in. An attacker can inject a malicious script inline, download resources from another domain, or make arbitrary HTTP requests. This would allow the attacker to send information to a random domain or carry out lakeFS operations …
Authenticated users can send a request to delete-objects through the s3 gateway and delete files they are not authorized to delete. Patches: lakeFS v0.82.0 and later. Workaround: Drop specific request to the lakeFS listen port. Any request with "Authorization" header and value that starts with "AWS". If you have any questions or comments about this advisory, ask on the lakeFS Slack #help channel or email us at security@treeverse.io.
Impact [medium] A user with write permissions to a portion of a repository may use the S3 gateway to copy any object in the repository if they know its name. [medium] A user with permission to write any one of tags, branches, or commits on a repository may write all of them. [low] A user with permission to read any one of tags, branches, or commits on a repository may …