5 matches found
oxenstored keeps quota related use counts across domain destruction
ISSUE DESCRIPTION When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota. IMPACT Over an extended period of time, new domains will b...
CVE-2025-64179
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
CVE-2025-64179 lakeFS: Unauthenticated access to API usage metrics
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
CVE-2025-64179
lakeFS versions
lakeFS 安全漏洞
lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS 1.69.0 and earlier versions, which stems from a lack of authentication in the /api/v1/usage-report/summary endpoint that could lead to the...