Lucene search

CVE-2023-28434

🗓️ 22 Mar 2023 21:18:15Reported by [email protected]Type

Prior to RELEASE.2023-03-20T20-16-18Z, Minio allows bypassing metadata bucket name check and putting objects into any bucket using crafted requests. Requires 'arn:aws:s3:::*' permission and enabled Console API access. Patched in RELEASE.2023-03-20T20-16-18Z. Workaround: enable browser API access, turn off 'MINIO_BROWSER=off'

Reporter	Title	Published	Views	Family All 23
OSV	CGA-28M3-FGWH-2Q2W	6 Jun 202412:17	–	osv
OSV	CVE-2023-28434	22 Mar 202321:15	–	osv
OSV	BIT-minio-2023-28434	6 Mar 202410:56	–	osv
OSV	Privilege Escalation on Linux/MacOS	5 Sep 202315:45	–	osv
Veracode	Privilege Escalation	28 Mar 202307:02	–	veracode
Chainguard	CVE-2023-28434 vulnerabilities	22 Mar 202321:15	–	cgr
CVE	CVE-2023-28434	22 Mar 202321:15	–	cve
AlpineLinux	CVE-2023-28434	22 Mar 202321:15	–	alpinelinux
CISA	CISA Adds One Known Exploited Vulnerability to Catalog	19 Sep 202312:00	–	cisa
AttackerKB	CVE-2023-28434	22 Mar 202300:00	–	attackerkb

Nvd

Node

minio minioRange<2023-03-20t20-16-18z

Source	Link
github	www.github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5
github	www.github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c
github	www.github.com/minio/minio/pull/16849

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Mar 2023 21:15Current

8.7High risk

Vulners AI Score8.7

CVSS38.8

EPSS0.83779

CWE-269