Authentication Bypass

github.com/minio/console is vulnerable to authentication bypass. When external IDP is enabled in Operator Console, operator does not perform sufficient validation checks on 'Oauth2' login flow, leading to authentication bypass...

Authentication bypass issue in the Operator Console

During an internal security audit, we detected an authentication bypass issue in the Operator Console when an external IDP is enabled. The security issue has been reported internally. We have not observed this exploit in the wild or reported elsewhere in the community at large. All users are...

CVE-2021-41266

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affect...

Authentication flaw

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affect...

CVE-2021-41266 Authentication bypass issue in the Operator Console

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affect...

CVE-2021-41266

CVE-2021-41266 affects MinIO Console (the Operator Console UI for the MinIO Operator). The vulnerability is an authentication bypass in the Operator Console when an external IDP is enabled, impacting all users on release v0.12.2 and earlier. A fix is available in v0.12.3 and newer. If upgrading i...