
9 matches found

CVE | added 2023/03/22 9:15 p.m. | 603 views

CVE-2023-28434

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with ...

CVSS 8.8 | AI score 8.6 | EPSS 0.36051
In wild

CVE | added 2023/03/22 9:15 p.m. | 417 views

CVE-2023-28433

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, servic...

CVSS 8.8 | AI score 8.4 | EPSS 0.00296

CVE | added 2022/08/01 10:15 p.m. | 409 views

CVE-2022-35919

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow a...

CVSS 7.4 | AI score 5.4 | EPSS 0.05737
Web

CVE | added 2021/12/27 10:15 p.m. | 165 views

CVE-2021-43858

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the accep...

CVSS 8.8 | AI score 8.5 | EPSS 0.46632

CVE | added 2021/03/08 7:15 p.m. | 155 views

CVE-2021-21362

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses...

CVSS 7.7 | AI score 6.6 | EPSS 0.00078

CVE | added 2020/04/23 10:15 p.m. | 80 views

CVE-2020-11012

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been ...

CVSS 9.3 | AI score 7.8 | EPSS 0.00075

CVE | added 2021/02/01 6:15 p.m. | 71 views

CVE-2021-21287

MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwi...

CVSS 7.7 | AI score 7.5 | EPSS 0.92685

CVE | added 2021/03/19 4:15 p.m. | 55 views

CVE-2021-21390

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed...

CVSS 6.5 | AI score 5.6 | EPSS 0.00264

CVE | added 2018/06/26 4:29 p.m. | 47 views

CVE-2018-1000538

Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appears to be exploitable via sending V4-(pre)signed requests wit...

CVSS 7.5 | AI score 7.5 | EPSS 0.0028