5 matches found
CVE-2025-31489 vulnerabilities
Vulnerabilities for packages: minio...
CVE-2025-31489
A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...
CVE-2025-31489
creationtimestamp| type| source ---|---|--- 2025-04-03 20:33:02+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114275934621714005 2025-04-03 20:33:02+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114275934621714005 2025-04-03 21:06:35+00:00| seen|...
CVE-2025-31489
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...