Description

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. This issue is fixed in version 1.71.0 . To workaround the vulnerability, use a load-balancer or application level firewall in order to block the request route /api/v1/usage-report/summary.

INFO

Published Date :

2025-11-06T21:57:18.234Z

Last Modified :

2025-11-06T21:57:18.234Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64179 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64179.

URL Resource
https://github.com/treeverse/lakeFS/commit/1c8adab852dac2387fcb00a256402b308a610c60 cve-icon cve-icon
https://github.com/treeverse/lakeFS/security/advisories/GHSA-h238-5mwf-8xw8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact