Lucene search

Veracode Vulnerability DatabaseVERACODE:47276

HistoryMay 30, 2024 - 12:03 p.m.

Sensitive Information Disclosure

2024-05-3012:03:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sensitive information

disclosure

minio server

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

github.com/minio/minio/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the ability to infer the existence of objects on a server by sending anonymous requests with random object names.

CPENameOperatorVersion
github.com/minio/minioleRELEASE.2024-05-10T01-41-38Z
github.com/minio/minioleRELEASE.2024-05-10T01-41-38Z

CPE	Name	Operator	Version
	github.com/minio/minio	le	RELEASE.2024-05-10T01-41-38Z
	github.com/minio/minio	le	RELEASE.2024-05-10T01-41-38Z

References

developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since

developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Unmodified-Since

github.com/minio/minio/commit/e0fe7cc391724fc5baa85b45508f425020fe4272

github.com/minio/minio/pull/19810

github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for VERACODE:47276