9 matches found
Design/Logic Flaw
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...
CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...
CVE-2022-35919 Authenticated requests for server update admin API allows path traversal in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...
CVE-2022-35919
Summary: CVE-2022-35919 affects MinIO by enabling path traversal via the admin:ServerUpdate API when an authenticated admin triggers a specific error, exposing contents readable by the MinIO process. Related sources describe affected versions and a fix path. Impact (as stated): potential exposure...
Cloud data breaches: 4 biggest threats to cloud storage security
Just about anywhere you look, organizations are using the cloud in some form—and they’re not all large enterprises. Small and medium businesses SMBs are also reaping the many benefits that the cloud offers over on-premise software, especially the lowered IT costs, increased scalability, and large...
Finding Attack Paths in Cloud Environments
The mass adoption of cloud infrastructure is fully justified by innumerable advantages. As a result, today, organizations' most sensitive business applications, workloads, and data are in the cloud. Hackers, good and bad, have noticed that trend and effectively evolved their attack techniques to...
How to Address the Current Complexity and Chaos of Cloud IAM
Cloudy judgement Combining the separate themes of cloud technology and identity access management IAM might seem like an oxymoron in today’s endlessly scaling environments, but there’s really no going back in the box when it comes to the promise of cloud in driving innovation. The fact is, securi...
SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS
SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel...
Amazon Macie and Deep Security
Amazon S3 stores trillions of objects and regularly peaks at millions of requests per second. By any metric, it’s massive. With unparalleled durability and availability, it’s the backbone of AWS’ data services. This morning at the AWS Summit in New York City, AWS launched a new service: Amazon...