8 matches found

CVE | added 2025/04/03 8:15 p.m. | 1156 views

CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on t...

8.7 CVSS | 6.8 AI score | 0.02822 EPSS
CVE | added 2023/03/22 9:15 p.m. | 597 views

CVE-2023-28434

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with ...

8.8 CVSS | 8.6 AI score | 0.36051 EPSS
In wild
CVE | added 2023/03/22 9:15 p.m. | 410 views

CVE-2023-28433

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, servic...

8.8 CVSS | 8.4 AI score | 0.00296 EPSS
CVE | added 2021/12/27 10:15 p.m. | 163 views

CVE-2021-43858

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the accep...

8.8 CVSS | 8.5 AI score | 0.46632 EPSS
CVE | added 2024/01/31 10:15 p.m. | 149 views

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3:* actions, but also admin:* actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8 CVSS | 8.2 AI score | 0.24934 EPSS
Web
CVE | added 2025/02/28 9:15 p.m. | 88 views

CVE-2025-27414

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP acce...

8.2 CVSS | 7.1 AI score | 0.00171 EPSS
CVE | added 2023/02/21 9:15 p.m. | 52 views

CVE-2023-25812

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was n...

8.8 CVSS | 7.4 AI score | 0.00107 EPSS
CVE | added 2021/10/13 2:15 p.m. | 51 views

CVE-2021-41137

Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, poli...

8.8 CVSS | 8.4 AI score | 0.00437 EPSS