8 matches found
MinIO < RELEASE.2023-03-20T20-16-18Z Multiple Vulnerabilities
The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by multiple vulnerabilities: - When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIOSECRETKEY' and 'MINIOROOTPASSWORD', resulti...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risk...
CVE-2023-28434
creationtimestamp| type| source ---|---|--- 2023-03-22 23:35:58+00:00| seen| https://t.me/cibsecurity/60516 2023-03-23 14:52:47+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4016 2023-03-23 15:55:52+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4018 2023-03-27...
CVE-2023-28434 vulnerabilities
Vulnerabilities for packages: minio...
CVE-2023-28434 vulnerabilities
Vulnerabilities for packages: minio...
UBUNTU-CVE-2023-28434
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
CVE-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
CVE-2023-28434
CVE-2023-28434 (MinIO) affects MinIO’s object storage framework. A security feature bypass allows an attacker with credentials for arn:aws:s3:::* and Console API access to bypass metadata bucket name checking during PostPolicyBucket and place objects into arbitrary buckets. This can impact confid...