4 matches found
CVE-2024-55949
A flaw was found in MinIO. Due to insufficient permissions checking in the IAM import API, a user may be able to change their policy mapping to escalate their privileges via a specially crafted configuration file...
CVE-2024-55949
MinIO is affected by a privilege-escalation flaw in the IAM import API. The issue impacts all users since the commit 580d9db85e04f1b63cc2909af50f0ed08afa965f, with a fix introduced in commit f246c9053f9603e610d98439799bdd2a6b293427 and released in RELEASE.2024-12-13T22-19-12Z. There are no workar...
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
Exploit Title: MinIO 2024-01-31T20-20-33Z - Privilege Escalation Date: 2024-04-11 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding RELEASE.2024-01-31T20-20-33Z Tested on: Windows 10 CVE : CVE-2024-24747 Required...
CVE-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...