Lucene search
GoogleOSV:BIT-MINIO-2023-28433HistoryMar 06, 2024 - 10:56 a.m.
BIT-minio-2023-28433
2024-03-0610:56:28
Google
osv.dev
9
minio
object storage
windows
vulnerability
admin user
permission
patch
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to PutObject in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| minio | lt | 2023.03.20 |
Related
veracode
veracode
Privilege Escalation
2023-03-28 06:40:13
cvelist
cvelist
cve
cve
CVE-2023-28433
2023-03-22 21:15:18
cgr
cgr
CVE-2023-28433 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-28433
2023-03-22 00:00:00
osv
osv
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
2023-09-06 18:43:13
CVE-2023-28433
2023-03-22 21:15:18
wolfi
wolfi
CVE-2023-28433 vulnerabilities
2024-05-29 15:13:11
prion
prion
Code injection
2023-03-22 21:15:00
github
github
alpinelinux
alpinelinux
CVE-2023-28433
2023-03-22 21:15:18
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.5%
Related for OSV:BIT-MINIO-2023-28433