Lucene search
PRIOn knowledge basePRION:CVE-2024-24747HistoryJan 31, 2024 - 10:15 p.m.
Code injection
2024-01-3122:15:00
PRIOn knowledge base
www.prio-n.com
12
code injection
high performance object storage
access key permissions
admin actions
security vulnerability
minio
nvd
parent key
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3:* actions, but also admin:* actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able to simply override their own s3 permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.
| CPE | Name | Operator | Version |
|---|---|---|---|
| minio | eq | 2024131.0.0-t202033-z |
Related
redos
redos
ROS-20240410-19
2024-04-10 00:00:00
nvd
nvd
CVE-2024-24747
2024-01-31 22:15:54
veracode
veracode
Improper Privilege Management
2024-02-28 17:13:49
Improper Privilege Management
2024-02-06 18:19:41
alpinelinux
alpinelinux
CVE-2024-24747
2024-01-31 22:15:54
cvelist
cvelist
vulnrichment
vulnrichment
zdt
zdt
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation Exploit
2024-04-12 00:00:00
cve
cve
CVE-2024-24747
2024-01-31 22:15:54
osv
osv
BIT-minio-2024-24747
2024-03-06 10:56:07
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
2024-02-01 19:21:30
CVE-2024-24747
2024-01-31 22:15:54
github
github
packetstorm
packetstorm
MinIO Privilege Escalation
2024-04-12 00:00:00
exploitdb
exploitdb
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
2024-04-12 00:00:00