4 matches found
CVE-2023-28434
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
GHSA-2PXW-R47W-4P8C Privilege Escalation on Linux/MacOS
Impact An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with arn:aws:s3::: permission, as well as enabled Console API access. Patches commit...
VulnCheck KEV: CVE-2023-28434
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket to conduct privilege escalation. To carry out this attack, the attacker requires...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. An attacker is able to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To achieve this, the attacker needs credentials with arn:aws:s3::: permission and...