42 matches found
CVE-2026-10843
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...
CVE-2026-40379
CVE-2026-40379 is a Microsoft ESTS (Enterprise Security Token Service) spoofing vulnerability impacting Azure services. The connected sources confirm exposure of sensitive information to an unauthorized actor in Azure Entra ID and describe exploitation as network-based spoofing. The CVSS 3.1 scor...
CVE-2026-40379 Azure Entra ID Spoofing Vulnerability
...
KLA91030 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, and spoof the user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...
SUSE CVE-2026-33419
MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable...
CVE-2026-33419
MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable...
MinIO Security Vulnerability
MinIO is an open-source object storage server provided by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions prior to MinIO RELEASE.2026-03-17T21-25-16Z contained a security vulnerability. This...
PT-2026-26758
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2026-03-17T21-25-16Z. Description: The MinIO AIStor Security Token Service (STS) AssumeRoleWithLDAPIdentity endpoint is susceptible to LDAP credential brute-forcing. This is due to a combination of distinguishable...
acmer (>=0.0.1 <=0.0.16), auth-proxy (>=0.0.1 <=0.1.1) +446 more potentially affected by unknown CVE via aws-sdk-sts (>=0.0.22-alpha <=0.9.0)
aws-sdk-sts CARGO version =0.0.22-alpha, =0.0.1, =0.0.1, =0.2.36, =0.0.18, =0.0.42, =0.0.1, =0.0.22-alpha, =0.0.1, =0.0.24, =0.0.1, =0.1.0, =0.4.0, =0.2.0, =0.2.0, =0.34.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
GO-2025-4034 MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio
BIT-MINIO-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...
CVE-2025-62506
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...
minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS
minio reports: A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...
EUVD-2025-34834
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...
CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin...
CVE-2025-62506
MinIO CVE-2025-62506 is a privilege-escalation issue in which a restricted service/STS account can create a new service account for itself due to a DenyOnly short-circuit in session-policy validation. Affected versions are prior to RELEASE.2025-10-15T17-29-55Z; the attacker may gain parent-level ...