Lakefs · Lakefs · CVE-2024-43784
**Name of the Vulnerable Software and Affected Versions**
lakeFS versions prior to 1.33.0
**Description**
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who were later deleted are affected by this issue. When a new user is created with the same username as a deleted user, the new user inherits all of the previous user's credentials.
**Recommendations**
For versions prior to 1.33.0, upgrade to release version 1.33.0 to address the issue.
As a temporary workaround for those who cannot upgrade, do not reuse the usernames of previously deleted users.
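
The failure mode in the description and the reason for the workaround, as an added example that is not lakeFS code: a constructed in-memory store in which credentials are linked to their owner only by username. The class, the key id and the `cascade_on_delete` switch are hypothetical, and because this page does not say how 1.33.0 fixes the issue, the cascading delete is an assumed mitigation.

```python
"""Constructed model of the bug class; not lakeFS code."""

class AuthStore:
    """Toy store whose credentials reference their owner by username only."""

    def __init__(self, cascade_on_delete):
        self.cascade_on_delete = cascade_on_delete  # hypothetical switch
        self.users = set()
        self.credentials = {}  # access key id -> owning username

    def create_user(self, username):
        if username in self.users:
            raise ValueError(f"user {username!r} already exists")
        self.users.add(username)

    def issue_credentials(self, username, key_id):
        if username not in self.users:
            raise KeyError(username)
        self.credentials[key_id] = username

    def delete_user(self, username):
        self.users.discard(username)
        if self.cascade_on_delete:
            # Assumed mitigation: revoke everything the deleted user owned.
            self.credentials = {k: u for k, u in self.credentials.items()
                                if u != username}

    def credentials_for(self, username):
        return sorted(k for k, u in self.credentials.items() if u == username)

    def orphaned_credentials(self):
        """Audit: key ids whose owning username no longer exists."""
        return sorted(k for k, u in self.credentials.items()
                      if u not in self.users)


def recreate_scenario(cascade_on_delete):
    """Delete 'alice', then create a new 'alice'; report what she starts with."""
    store = AuthStore(cascade_on_delete)
    store.create_user("alice")
    store.issue_credentials("alice", "KEY-CONSTRUCTED-1")  # constructed id
    store.delete_user("alice")
    orphans = store.orphaned_credentials()  # unsafe-to-reuse indicator
    store.create_user("alice")  # a different person reusing the name
    return orphans, store.credentials_for("alice")


if __name__ == "__main__":
    print(recreate_scenario(False), recreate_scenario(True))
```

In this model, a non-empty audit result after a deletion marks a username that must not be reused until its leftover credentials are revoked.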