CVE-2023-33955

Опубликовано: 30 мая 2023

Источник: nvd

CVSS3: 4.3

CVSS3: 5.3

EPSS Низкий

Описание

Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.

Ссылки

https://github.com/minio/console/commit/17e791afb90c9ad27c65f63c6be14f2f6a3a9d60
Patch
https://github.com/minio/console/releases/tag/v0.28.0
Release Notes
https://github.com/minio/console/security/advisories/GHSA-jv3f-7m33-qp65
Vendor Advisory
https://github.com/minio/console/commit/17e791afb90c9ad27c65f63c6be14f2f6a3a9d60
Patch
https://github.com/minio/console/releases/tag/v0.28.0
Release Notes
https://github.com/minio/console/security/advisories/GHSA-jv3f-7m33-qp65
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:minio:console:*:*:*:*:*:*:*:*

Версия до 0.28.0 (исключая)

EPSS

Процентиль: 50%

0.00266

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-33955

CVSS3: 4.3

debian

больше 2 лет назад

Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEF ...

GHSA-jv3f-7m33-qp65

CVSS3: 4.3

github

больше 2 лет назад

Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited

EPSS

Процентиль: 50%

0.00266

Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo