Lucene search
+L

8 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.36 views

MinIO < RELEASE.2023-03-20T20-16-18Z Multiple Vulnerabilities

The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by multiple vulnerabilities: - When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIOSECRETKEY' and 'MINIOROOTPASSWORD', resulti...

8.8CVSS8.6AI score0.83957EPSS
Exploits14References5
CISA
CISA
added 2023/09/19 12:0 p.m.17 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risk...

8.8CVSS7.1AI score0.06736EPSS
In wildExploits2References6
Circl
Circl
added 2023/03/22 11:35 p.m.34 views

CVE-2023-28434

creationtimestamp| type| source ---|---|--- 2023-03-22 23:35:58+00:00| seen| https://t.me/cibsecurity/60516 2023-03-23 14:52:47+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4016 2023-03-23 15:55:52+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4018 2023-03-27...

8.8CVSS7.5AI score0.06736EPSS
Exploits2References14
Chainguard
Chainguard
added 2023/03/22 9:15 p.m.143 views

CVE-2023-28434 vulnerabilities

Vulnerabilities for packages: minio...

8.8CVSS7.4AI score0.06736EPSS
Exploits2
Wolfi
Wolfi
added 2023/03/22 9:15 p.m.426 views

CVE-2023-28434 vulnerabilities

Vulnerabilities for packages: minio...

8.8CVSS7.7AI score0.06736EPSS
Exploits2
OSV
OSV
added 2023/03/22 9:15 p.m.13 views

UBUNTU-CVE-2023-28434

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...

8.8CVSS7.2AI score0.06736EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2023/03/22 8:44 p.m.12 views

CVE-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...

8.8CVSS8.3AI score0.06736EPSS
Exploits2References3
CVE
CVE
added 2023/03/22 8:44 p.m.671 views

CVE-2023-28434

CVE-2023-28434 (MinIO) affects MinIO’s object storage framework. A security feature bypass allows an attacker with credentials for arn:aws:s3:::* and Console API access to bypass metadata bucket name checking during PostPolicyBucket and place objects into arbitrary buckets. This can impact confid...

8.8CVSS8.3AI score0.06736EPSS
In wildExploits2References4Affected Software1
Rows per page
Query Builder