CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

OSV•added 2026/03/27 7:8 a.m.•1 views

BIT-MINIO-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit

MinIO is a high-performance object storage system. Prior to 2026.03.17, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable username enumeration,...

9.1CVSS5.8AI score0.00394EPSS

Exploits0References2

CVE•added 2026/03/24 7:5 p.m.•24 views

CVE-2026-33419

MinIO AIStor STS endpoint AssumeRoleWithLDAPIdentity is vulnerable to LDAP credential brute-forcing due to username enumeration via distinguishable error responses and no rate limiting. An unauthenticated attacker can enumerate LDAP usernames and perform unlimited password guesses to obtain tempo...

9.1CVSS5.8AI score0.00394EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/20 8:47 p.m.•3 views

GHSA-JV87-32HW-HH99 MinIO LDAP login brute-force via user enumeration and missing rate limit

Impact What kind of vulnerability is it? Who is impacted? MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable username enumeration, and 2 absence ...

9.1CVSS5.8AI score0.00394EPSS

Exploits0References3