Lucene search

RedosROS-20240410-19

HistoryApr 10, 2024 - 12:00 a.m.

ROS-20240410-19

2024-04-1000:00:00

redos.red-soft.ru

minio

object storage

access differentiation

vulnerability

escalation

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

The MinIO object storage server vulnerability is related to flaws in access differentiation based on the
UpdateServiceAccountAdminAction policy. Exploitation of the vulnerability could allow an attacker,
acting remotely to escalate their privileges

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64minio<= 20230210T184839Z-4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	minio	<= 20230210T184839Z-4	UNKNOWN

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for ROS-20240410-19