
10 matches found

Positive Technologies
added 2026/04/23 12:0 a.m. | 9 views

PT-2026-34781

OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke session status without sandbox constraints to bypass session-policy...

CVSS 5.3 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 5
OSV
added 2026/03/05 10:16 p.m. | 7 views

CVE-2026-28469

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 3
OSV
added 2026/01/08 3:3 p.m. | 4 views

CVE-2026-22043 RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed deny_only short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privilege...

CVSS 7.1 | AI score 7 | EPSS 0.00378
Exploits: 1 | References: 3
OSV
added 2025/10/30 3:2 p.m. | 5 views

GO-2025-4034 MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio

MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS in github.com/minio/minio...

CVSS 8.1 | AI score 7 | EPSS 0.00523
Exploits: 1 | References: 7
Tenable Nessus
added 2025/10/22 12:0 a.m. | 3 views

FreeBSD : minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS (511f5aac-ab46-11f0-9446-f02f7497ecda)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 511f5aac-ab46-11f0-9446-f02f7497ecda advisory. minio reports: A privilege escalation vulnerability allows service accounts and STS Security Token Servi...

CVSS 8.1 | AI score 5.6 | EPSS 0.00523
Exploits: 1 | References: 3
OSV
added 2025/10/21 9:34 a.m. | 2 views

BIT-MINIO-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

CVSS 8.1 | AI score 7.3 | EPSS 0.00523
Exploits: 1 | References: 7
OSV
added 2025/10/16 9:36 p.m. | 2 views

GHSA-JJJJ-JWHF-8RGR MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS

Summary A privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user...

CVSS 8.1 | AI score 7.4 | EPSS 0.00523
Exploits: 1 | References: 8
EUVD
added 2025/10/16 9:17 p.m. | 5 views

EUVD-2025-34834

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

CVSS 8.1 | AI score 6.7 | EPSS 0.00523
Exploits: 1 | References: 4
OSV
added 2025/10/16 9:17 p.m. | 3 views

CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

CVSS 8.1 | AI score 7.3 | EPSS 0.00523
Exploits: 1 | References: 8
Cvelist
added 2025/10/16 9:17 p.m. | 10 views

CVE-2025-62506 MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

CVSS 8.1 | EPSS 0.00523
Exploits: 1 | References: 3