5 matches found
CVE-2025-27414
A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...
CVE-2025-27414
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
CVE-2025-27414
CVE-2025-27414 concerns MinIO SFTP authentication, where a bug in evaluating the trust of an SSH key used for LDAP-backed SFTP access can allow unauthorized data access. A MinIO server configured for SFTP with LDAP, and a user (or a group) whose LDAP entry lacks the sshPublicKey attribute, can ca...
CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...