CVE-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

MinIO 安全漏洞

MinIO is an open source object storage server from US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. A security vulnerability exists in MinIO RELEASE.2020-04-10T03-34-42Z and prior versions, which stems from not properly...