CVE-2020-11012

Опубликовано: 23 апр. 2020

Источник: nvd

CVSS3: 9.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

Ссылки

https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923
Patch
Third Party Advisory
https://github.com/minio/minio/pull/9422
Third Party Advisory
https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z
Third Party Advisory
https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w
Patch
Third Party Advisory
https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923
Patch
Third Party Advisory
https://github.com/minio/minio/pull/9422
Third Party Advisory
https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z
Third Party Advisory
https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*

Версия до 2020-04-23t00-58-49z (исключая)

EPSS

Процентиль: 41%

0.00192

Низкий

9.3 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-305

CWE-755

Связанные уязвимости

GHSA-xv4r-vccv-mg4w

CVSS3: 7.1

github

больше 4 лет назад

MinIO Admin API security issue

EPSS

Процентиль: 41%

0.00192

Низкий

9.3 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-305

CWE-755