Vulnerability Report: GO-2023-2397

GHSA-26hr-q2wp-rvc5
Affects: github.com/treeverse/lakefs
Published: Aug 21, 2024
Unreviewed

User with permission to write actions can impersonate another user when auth token is configured in environment variable in github.com/treeverse/lakefs

For detailed information about this vulnerability, visit https://github.com/treeverse/lakeFS/security/advisories/GHSA-26hr-q2wp-rvc5.

Affected Modules

Path

Go Versions
github.com/treeverse/lakefs

before v1.3.1

Aliases

GHSA-26hr-q2wp-rvc5

References

https://github.com/treeverse/lakeFS/security/advisories/GHSA-26hr-q2wp-rvc5
https://vuln.go.dev/ID/GO-2023-2397.json

Feedback

This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL