{"uuid": "853dcf24-af33-4188-bc1b-97cc5cd7f0fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24747", "type": "seen", "source": "https://t.me/arpsyndicate/4642", "content": "#ExploitObserverAlert\n\nCVE-2024-24747\n\nDESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2024-24747. MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 5.9\nNVD-ES: 2.8\nARPS-EXPLOITABILITY: 0.7162829", "creation_timestamp": "2024-04-13T12:00:12.000000Z"}