CVE-2023-25812

🗓️ 21 Feb 2023 21:11:15Reported by GitHub_MType

Minio does not honor `Deny` policy on ByPassGoverance, leading to incorrect deletion of objects under governance in affected versions

Reporter	Title	Published	Views	Family All 10
Redos	ROS-20230317-03	17 Mar 202300:00	–	redos
OSV	BIT-minio-2023-25812	6 Mar 202410:56	–	osv
OSV	CVE-2023-25812	21 Feb 202321:15	–	osv
Veracode	Authentication Bypass	26 Feb 202317:23	–	veracode
Prion	Design/Logic Flaw	21 Feb 202321:15	–	prion
UbuntuCve	CVE-2023-25812	21 Feb 202300:00	–	ubuntucve
Vulnrichment	CVE-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio	21 Feb 202320:32	–	vulnrichment
NVD	CVE-2023-25812	21 Feb 202321:15	–	nvd
Cvelist	CVE-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio	21 Feb 202320:32	–	cvelist
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Python, OpenSSH, Golang Go, Minio and Redis may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift	25 Jul 202303:34	–	ibm

Nvd

Vulners

Node

minio minioRange2020-04-10t03-34-42z–2023-02-17t17-52-43z

[
  {
    "vendor": "minio",
    "product": "minio",
    "versions": [
      {
        "version": ">= RELEASE.2020-04-10T03-34-42Z, < RELEASE.2023-02-17T17-52-43Z",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/minio/minio/pull/16635
github	www.github.com/minio/minio/security/advisories/GHSA-c8fc-mjj8-fc63
github	www.github.com/minio/minio/commit/a7188bc9d0f0a5ae05aaf1b8126bcd3cb3fdc485

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2023 21:15Current

7.4High risk

Vulners AI Score7.4

CVSS36.5 - 8.8

EPSS0.13268

SSVC

CWE-281