BIT-MINIO-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

CVE-2023-25812

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

CVE-2023-25812

CVE-2023-25812 (Minio) affects Minio, a multi-cloud object storage framework. Affected versions fail to honor a Deny policy when receiving the header X-Amz-Bypass-Governance-Retention: true, allowing a request to delete a versionId under governance. The issue states that such requests are incorre...

PT-2023-2120 · Minio +2 · Minio +2

Name of the Vulnerable Software and Affected Versions: Minio affected versions not specified Description: Minio is a Multi-Cloud Object Storage framework. The issue arises when the framework does not correctly honor a Deny policy on ByPassGoverance. Ideally, Minio should return "Access Denied" to...