freebsd / FreeBSD / 144836E3-2358-11EF-996E-40B034455553
Jan 31, 2024 - 12:00 a.m.

minio -- privilege escalation via permissions inheritance

2024-01-31 00:00:00
vuxml.freebsd.org
minio
security advisory
privilege escalation
permissions inheritance
access keys
admin rights
s3 permissions
permissive
unix

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.9
Confidence: Low

Minio security advisory GHSA-xx8w-mq23-29g4 reports:

  When someone creates an access key, it inherits the
  permissions of the parent key. Not only for s3:* actions,
  but also admin:* actions. Which means unless somewhere
  above in the access-key hierarchy, the admin rights are
  denied, access keys will be able to simply override their
  own s3 permissions to something more permissive.

OS       Version  Architecture  Package  Version                 Filename
FreeBSD  any      noarch        minio    < 2024.01.31.20.20.33   UNKNOWN
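
The advisory's condition (admin rights are inherited unless denied somewhere above in the hierarchy) can be audited on parent policies. The following is an added example, not code from the advisory or from MinIO: it assumes IAM-style JSON policies with `Effect` and `Action` fields, and the probe action names and sample policies are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Probe names are assumptions chosen for illustration; substitute the admin
# actions that matter in your deployment.
ADMIN_PROBES = ["admin:CreateServiceAccount", "admin:UpdateServiceAccount"]


def _as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _covers(statement, action):
    """True if any Action pattern in the statement matches `action`."""
    return any(fnmatchcase(action, p) for p in _as_list(statement.get("Action")))


def inherited_admin_actions(policy, probes=ADMIN_PROBES):
    """Return the probe actions this policy grants and never denies.

    Simplification: Resource and Condition are ignored, so scoped
    statements are treated as if they were unscoped.
    """
    statements = _as_list(policy.get("Statement"))
    granted = []
    for action in probes:
        allow = any(s.get("Effect") == "Allow" and _covers(s, action) for s in statements)
        deny = any(s.get("Effect") == "Deny" and _covers(s, action) for s in statements)
        if allow and not deny:
            granted.append(action)
    return granted


# Constructed sample parent policies (not taken from the advisory).
PERMISSIVE_PARENT = {"Statement": [{"Effect": "Allow", "Action": ["s3:*", "admin:*"]}]}
HARDENED_PARENT = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "admin:*"]},
    {"Effect": "Deny", "Action": "admin:*"},  # explicit deny above the child keys
]}
S3_ONLY_PARENT = {"Statement": {"Effect": "Allow", "Action": "s3:GetObject"}}

if __name__ == "__main__":
    for name, pol in [("permissive", PERMISSIVE_PARENT),
                      ("hardened", HARDENED_PARENT),
                      ("s3-only", S3_ONLY_PARENT)]:
        print(name, inherited_admin_actions(pol))
```

A non-empty result marks a parent whose access keys would inherit admin rights on versions before 2024.01.31.20.20.33.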