cvelistv5 - cve-2023-28432

CVE-2023-28432 (GCVE-0-2023-28432)

Vulnerability from cvelistv5

Published

2023-03-22 20:16

Modified

2025-10-21 23:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

References

URL

	Vendor	Product	Version
	minio	minio	Version: >= RELEASE.2019-12-17T23-16-33Z, < RELEASE.2023-03-20T20-16-18Z

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2023-04-21

Due date: 2023-05-12

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q; https://nvd.nist.gov/vuln/detail/CVE-2023-28432

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
          },
          {
            "name": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/Andrew___Morris/status/1639325397241278464"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28432",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T21:16:56.029650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-04-21",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:22.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-04-21T00:00:00+00:00",
            "value": "CVE-2023-28432 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "minio",
          "vendor": "minio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= RELEASE.2019-12-17T23-16-33Z, \u003c RELEASE.2023-03-20T20-16-18Z"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`\nand `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:08:29.261Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
        },
        {
          "name": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
        },
        {
          "url": "https://twitter.com/Andrew___Morris/status/1639325397241278464"
        },
        {
          "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
        },
        {
          "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
        }
      ],
      "source": {
        "advisory": "GHSA-6xvq-wj2x-3h3q",
        "discovery": "UNKNOWN"
      },
      "title": "Minio Information Disclosure in Cluster Deployment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-28432",
    "datePublished": "2023-03-22T20:16:38.641Z",
    "dateReserved": "2023-03-15T15:59:10.052Z",
    "dateUpdated": "2025-10-21T23:15:22.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-28432",
      "cwes": "[\"CWE-200\"]",
      "dateAdded": "2023-04-21",
      "dueDate": "2023-05-12",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q; https://nvd.nist.gov/vuln/detail/CVE-2023-28432",
      "product": "MinIO",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.",
      "vendorProject": "MinIO",
      "vulnerabilityName": "MinIO Information Disclosure Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28432\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-03-22T21:15:18.257\",\"lastModified\":\"2025-10-24T14:46:55.697\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`\\nand `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-04-21\",\"cisaActionDue\":\"2023-05-12\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"MinIO Information Disclosure Vulnerability\",\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2019-12-17t23-16-33z\",\"versionEndExcluding\":\"2023-03-20t20-16-18z\",\"matchCriteriaId\":\"A2A8F3D7-177F-4D52-B4F6-C4AB06AA4A4D\"}]}]}],\"references\":[{\"url\":\"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://twitter.com/Andrew___Morris/status/1639325397241278464\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://viz.greynoise.io/tag/minio-information-disclosure-attempt\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://twitter.com/Andrew___Morris/status/1639325397241278464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://viz.greynoise.io/tag/minio-information-disclosure-attempt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q\", \"name\": \"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z\", \"name\": \"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/Andrew___Morris/status/1639325397241278464\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://viz.greynoise.io/tag/minio-information-disclosure-attempt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:38:25.355Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28432\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:16:56.029650Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-04-21\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-21T00:00:00+00:00\", \"value\": \"CVE-2023-28432 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:16:58.216Z\"}}], \"cna\": {\"title\": \"Minio Information Disclosure in Cluster Deployment\", \"source\": {\"advisory\": \"GHSA-6xvq-wj2x-3h3q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"minio\", \"product\": \"minio\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= RELEASE.2019-12-17T23-16-33Z, \u003c RELEASE.2023-03-20T20-16-18Z\"}]}], \"references\": [{\"url\": \"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q\", \"name\": \"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z\", \"name\": \"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/Andrew___Morris/status/1639325397241278464\"}, {\"url\": \"https://viz.greynoise.io/tag/minio-information-disclosure-attempt\"}, {\"url\": \"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`\\nand `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-03-27T00:08:29.261Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-28432\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:22.503Z\", \"dateReserved\": \"2023-03-15T15:59:10.052Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-03-22T20:16:38.641Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2023-28432

Vulnerability from fkie_nvd

Published

2023-03-22 21:15

Modified

2025-10-24 14:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z	Release Notes
security-advisories@github.com	https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q	Exploit, Vendor Advisory
security-advisories@github.com	https://twitter.com/Andrew___Morris/status/1639325397241278464	Third Party Advisory
security-advisories@github.com	https://viz.greynoise.io/tag/minio-information-disclosure-attempt	Third Party Advisory
security-advisories@github.com	https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/Andrew___Morris/status/1639325397241278464	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://viz.greynoise.io/tag/minio-information-disclosure-attempt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432	US Government Resource

Impacted products

	Vendor	Product	Version
	minio	minio	*

JSON

To clipboard

{
  "cisaActionDue": "2023-05-12",
  "cisaExploitAdd": "2023-04-21",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "MinIO Information Disclosure Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A8F3D7-177F-4D52-B4F6-C4AB06AA4A4D",
              "versionEndExcluding": "2023-03-20t20-16-18z",
              "versionStartIncluding": "2019-12-17t23-16-33z",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`\nand `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z."
    }
  ],
  "id": "CVE-2023-28432",
  "lastModified": "2025-10-24T14:46:55.697",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-22T21:15:18.257",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/Andrew___Morris/status/1639325397241278464"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/Andrew___Morris/status/1639325397241278464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2023-28432

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-28432

Aliases

CVE-2023-28432

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-28432",
    "id": "GSD-2023-28432"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-28432"
      ],
      "details": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.",
      "id": "GSD-2023-28432",
      "modified": "2023-12-13T01:20:48.226164Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-28432",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "minio",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= RELEASE.2019-12-17T23-16-33Z, \u003c RELEASE.2023-03-20T20-16-18Z"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "minio"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-200",
                "lang": "eng",
                "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q",
            "refsource": "MISC",
            "url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
          },
          {
            "name": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z",
            "refsource": "MISC",
            "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
          },
          {
            "name": "https://twitter.com/Andrew___Morris/status/1639325397241278464",
            "refsource": "MISC",
            "url": "https://twitter.com/Andrew___Morris/status/1639325397241278464"
          },
          {
            "name": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt",
            "refsource": "MISC",
            "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
          },
          {
            "name": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean",
            "refsource": "MISC",
            "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-6xvq-wj2x-3h3q",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=v2019-12-17t23-16-33z \u003cv2023-03-20t20-16-18z",
          "affected_versions": "All versions starting from 2019-12-17t23-16-33z before 2023-03-20t20-16-18z",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-03-28",
          "description": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.",
          "fixed_versions": [
            "v2023-03-20t20-16-18z"
          ],
          "identifier": "CVE-2023-28432",
          "identifiers": [
            "CVE-2023-28432",
            "GHSA-6xvq-wj2x-3h3q"
          ],
          "not_impacted": "",
          "package_slug": "go/github.com/minio/minio",
          "pubdate": "2023-03-22",
          "solution": "Upgrade to version 2023-03-20t20-16-18z or above.",
          "title": "Information Disclosure in Cluster Deployment",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-28432",
            "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q",
            "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z",
            "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean",
            "https://twitter.com/Andrew___Morris/status/1639325397241278464",
            "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
          ],
          "uuid": "865975ba-7d1b-490c-b4a0-9c059856ca70",
          "versions": []
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2023-03-20t20-16-18z",
                "versionStartIncluding": "2019-12-17t23-16-33z",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-28432"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"
            },
            {
              "name": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"
            },
            {
              "name": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
            },
            {
              "name": "https://twitter.com/Andrew___Morris/status/1639325397241278464",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://twitter.com/Andrew___Morris/status/1639325397241278464"
            },
            {
              "name": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-03-28T16:26Z",
      "publishedDate": "2023-03-22T21:15Z"
    }
  }
}

var-202303-1844

Vulnerability from variot

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z. Minio Inc. of Minio Exists in unspecified vulnerabilities.Information may be obtained

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202303-1844",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "minio",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "minio",
        "version": "2019-12-17t23-16-33z"
      },
      {
        "model": "minio",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "minio",
        "version": "2023-03-20t20-16-18z"
      },
      {
        "model": "minio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "minio",
        "version": "2019-12-17t23-16-33z  that\u0027s all  2023-03-20t20-16-18z"
      },
      {
        "model": "minio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "minio",
        "version": null
      },
      {
        "model": "minio",
        "scope": null,
        "trust": 0.8,
        "vendor": "minio",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2023-03-20t20-16-18z",
                "versionStartIncluding": "2019-12-17t23-16-33z",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "cve": "CVE-2023-28432",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-28432",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-28432",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2023-28432",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202303-1795",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`\nand `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z. Minio Inc. of Minio Exists in unspecified vulnerabilities.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-28432"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-28432",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-28432",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-28432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "id": "VAR-202303-1844",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.18899521
  },
  "last_update_date": "2024-06-29T23:03:55.394000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MinIO Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=230693"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/atk7r/taichi "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-28432"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://github.com/minio/minio/releases/tag/release.2023-03-20t20-16-18z"
      },
      {
        "trust": 2.4,
        "url": "https://github.com/minio/minio/security/advisories/ghsa-6xvq-wj2x-3h3q"
      },
      {
        "trust": 2.4,
        "url": "https://twitter.com/andrew___morris/status/1639325397241278464"
      },
      {
        "trust": 2.4,
        "url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt"
      },
      {
        "trust": 2.4,
        "url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28432"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-28432/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2023-28432"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-28432"
      },
      {
        "date": "2023-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "date": "2023-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      },
      {
        "date": "2023-03-22T21:15:18.257000",
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-28432"
      },
      {
        "date": "2023-11-10T04:23:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      },
      {
        "date": "2023-03-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      },
      {
        "date": "2024-06-27T19:30:51.627000",
        "db": "NVD",
        "id": "CVE-2023-28432"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Minio\u00a0Inc.\u00a0 of \u00a0Minio\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-005841"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202303-1795"
      }
    ],
    "trust": 0.6
  }
}

wid-sec-w-2023-2261

Vulnerability from csaf_certbund

Published

2023-09-04 22:00

Modified

2023-09-04 22:00

Summary

MinIO: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

MinIO ist ein S3-kompatibler Objektspeicher, der für groß angelegte KI/ML-, Data Lake- und Datenbank-Workloads entwickelt wurde. Er läuft "on-premise" und in jeder Cloud.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MinIO ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "MinIO ist ein S3-kompatibler Objektspeicher, der f\u00fcr gro\u00df angelegte KI/ML-, Data Lake- und Datenbank-Workloads entwickelt wurde. Er l\u00e4uft \"on-premise\" und in jeder Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MinIO ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2261 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2261.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2261 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2261"
      },
      {
        "category": "external",
        "summary": "MinIO Security Notification vom 2023-09-04",
        "url": "https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html"
      }
    ],
    "source_lang": "en-US",
    "title": "MinIO: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-09-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:02.058+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2261",
      "initial_release_date": "2023-09-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source MinIO \u003c RELEASE.2023-03-20T20-16-18Z",
            "product": {
              "name": "Open Source MinIO \u003c RELEASE.2023-03-20T20-16-18Z",
              "product_id": "T029711",
              "product_identification_helper": {
                "cpe": "cpe:/a:minio:minio:release.2023-03-20t20-16-18z"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28434",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in MinIO. Dieser Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Rechteverwaltung und Inkonsequenz zwischen der Pr\u00fcfung f\u00fcr das Routing von Post-Policy-Anforderungen und der Verhinderung des Zugriffs auf reservierte Buckets. Ein Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und seine Privilegien zu erweitern, indem er manipulierte Anfragen verwendet, um die \u00dcberpr\u00fcfung des Metadaten-Bucket-Namens zu umgehen und ein Objekt in einen beliebigen Bucket zu legen, w\u00e4hrend er PostPolicyBucket verarbeitet."
        }
      ],
      "release_date": "2023-09-04T22:00:00.000+00:00",
      "title": "CVE-2023-28434"
    },
    {
      "cve": "CVE-2023-28432",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in MinIO. Dieser Fehler besteht in einem Cluster-Einsatz, da das System alle Umgebungsvariablen zur\u00fcckgibt. Ein Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-09-04T22:00:00.000+00:00",
      "title": "CVE-2023-28432"
    }
  ]
}

WID-SEC-W-2023-2261

Vulnerability from csaf_certbund

Published

2023-09-04 22:00

Modified

2023-09-04 22:00

Summary

MinIO: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Notes

Produktbeschreibung

MinIO ist ein S3-kompatibler Objektspeicher, der für groß angelegte KI/ML-, Data Lake- und Datenbank-Workloads entwickelt wurde. Er läuft "on-premise" und in jeder Cloud.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MinIO ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "MinIO ist ein S3-kompatibler Objektspeicher, der f\u00fcr gro\u00df angelegte KI/ML-, Data Lake- und Datenbank-Workloads entwickelt wurde. Er l\u00e4uft \"on-premise\" und in jeder Cloud.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in MinIO ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2261 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2261.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2261 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2261"
      },
      {
        "category": "external",
        "summary": "MinIO Security Notification vom 2023-09-04",
        "url": "https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html"
      }
    ],
    "source_lang": "en-US",
    "title": "MinIO: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-09-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:02.058+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2261",
      "initial_release_date": "2023-09-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source MinIO \u003c RELEASE.2023-03-20T20-16-18Z",
            "product": {
              "name": "Open Source MinIO \u003c RELEASE.2023-03-20T20-16-18Z",
              "product_id": "T029711",
              "product_identification_helper": {
                "cpe": "cpe:/a:minio:minio:release.2023-03-20t20-16-18z"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28434",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in MinIO. Dieser Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Rechteverwaltung und Inkonsequenz zwischen der Pr\u00fcfung f\u00fcr das Routing von Post-Policy-Anforderungen und der Verhinderung des Zugriffs auf reservierte Buckets. Ein Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und seine Privilegien zu erweitern, indem er manipulierte Anfragen verwendet, um die \u00dcberpr\u00fcfung des Metadaten-Bucket-Namens zu umgehen und ein Objekt in einen beliebigen Bucket zu legen, w\u00e4hrend er PostPolicyBucket verarbeitet."
        }
      ],
      "release_date": "2023-09-04T22:00:00.000+00:00",
      "title": "CVE-2023-28434"
    },
    {
      "cve": "CVE-2023-28432",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in MinIO. Dieser Fehler besteht in einem Cluster-Einsatz, da das System alle Umgebungsvariablen zur\u00fcckgibt. Ein Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-09-04T22:00:00.000+00:00",
      "title": "CVE-2023-28432"
    }
  ]
}

cnvd-2023-19953

Vulnerability from cnvd

Title

MinIO信息泄露漏洞

Description

MinIO是美国MinIO公司的一款开源的对象存储服务器。该产品支持构建用于机器学习、分析和应用程序数据工作负载的基础架构。 MinIO存在信息泄露漏洞，该漏洞源于在集群部署中MinIO会返回所有环境变量，包括“MinIO_SSECRET_KEY”和“MinIO_ROOT_PASSWORD”，攻击者可利用该漏洞导致信息泄露。

Severity

高

Patch Name

MinIO信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-28432

Impacted products

Name
MinIO MinIO >=RELEASE.2019-12-17T23-16-33Z，< RELEASE.2023-03-20T20-16-18Z

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-28432"
    }
  },
  "description": "MinIO\u662f\u7f8e\u56fdMinIO\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5668\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u6784\u5efa\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u3001\u5206\u6790\u548c\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u5de5\u4f5c\u8d1f\u8f7d\u7684\u57fa\u7840\u67b6\u6784\u3002\n\nMinIO\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u96c6\u7fa4\u90e8\u7f72\u4e2dMinIO\u4f1a\u8fd4\u56de\u6240\u6709\u73af\u5883\u53d8\u91cf\uff0c\u5305\u62ec\u201cMinIO_SSECRET_KEY\u201d\u548c\u201cMinIO_ROOT_PASSWORD\u201d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-19953",
  "openTime": "2023-03-24",
  "patchDescription": "MinIO\u662f\u7f8e\u56fdMinIO\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5bf9\u8c61\u5b58\u50a8\u670d\u52a1\u5668\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u6784\u5efa\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u3001\u5206\u6790\u548c\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u5de5\u4f5c\u8d1f\u8f7d\u7684\u57fa\u7840\u67b6\u6784\u3002\r\n\r\nMinIO\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u96c6\u7fa4\u90e8\u7f72\u4e2dMinIO\u4f1a\u8fd4\u56de\u6240\u6709\u73af\u5883\u53d8\u91cf\uff0c\u5305\u62ec\u201cMinIO_SSECRET_KEY\u201d\u548c\u201cMinIO_ROOT_PASSWORD\u201d\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "MinIO\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "MinIO MinIO \u003e=RELEASE.2019-12-17T23-16-33Z\uff0c\u003c RELEASE.2023-03-20T20-16-18Z"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-28432",
  "serverity": "\u9ad8",
  "submitTime": "2023-03-24",
  "title": "MinIO\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-28432 (GCVE-0-2023-28432)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

fkie_cve-2023-28432

Vulnerability from fkie_nvd

gsd-2023-28432

Vulnerability from gsd

var-202303-1844

Vulnerability from variot

wid-sec-w-2023-2261

Vulnerability from csaf_certbund

WID-SEC-W-2023-2261

Vulnerability from csaf_certbund

cnvd-2023-19953

Vulnerability from cnvd

Tags

Sightings

Nomenclature