Veracode Vulnerability DatabaseVERACODE:36587Path Traversal
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3.3 Low
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:M/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
35.3%
github.com/minio/minio is vulnerable to path traversal. A privileged attacker with admin:ServerUpdate permission is able to trigger an error response, which in turn returns the content of the path specified, allowing the attacker to gain access to contents at any arbitrary paths that are readable by the MinIO process.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/minio/minio | le | RELEASE.2020-11-10T21-02-24Z | |
| github.com/minio/minio | le | RELEASE.2020-11-10T21-02-24Z |
Related
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3.3 Low
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:M/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
35.3%