github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser
and ImportIAM
functions of admin-handlers-users.go
because a user with consoleAdmin
permissions can potentially create a user that matches the root credential accessKey
. Once this user is created successfully, the root credential ceases to work.