{"vulnerability": "CVE-2024-24747", "sightings": [{"uuid": "853dcf24-af33-4188-bc1b-97cc5cd7f0fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24747", "type": "seen", "source": "https://t.me/arpsyndicate/4642", "content": "#ExploitObserverAlert\n\nCVE-2024-24747\n\nDESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2024-24747. MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.\n\nFIRST-EPSS: 0.000580000\nNVD-IS: 5.9\nNVD-ES: 2.8\nARPS-EXPLOITABILITY: 0.7162829", "creation_timestamp": "2024-04-13T12:00:12.000000Z"}, {"uuid": "2b80cad2-4524-4750-afb4-c17276701100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24747", "type": "seen", "source": "https://t.me/ctinow/177177", "content": "https://ift.tt/P4c9tHa\nCVE-2024-24747", "creation_timestamp": "2024-01-31T23:26:24.000000Z"}, {"uuid": "f85b78bd-f706-4191-bd43-d41ea4298cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24747", "type": "seen", "source": "https://t.me/ctinow/182201", "content": "https://ift.tt/Ur0FDfy\nCVE-2024-24747 Exploit", "creation_timestamp": "2024-02-09T19:17:11.000000Z"}, {"uuid": "8dc94ab3-29ae-4d63-a0d3-efa88d606fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24747", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2481", "content": "https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4\n\nCVE-2024-24747\n#github #\u5206\u6790", "creation_timestamp": "2024-05-14T01:05:39.000000Z"}]}