logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-27589

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-27589

Description:
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`.
Last updated date:
03/21/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
03/21/2023
Reference url to background

https://github.com/minio/minio/pull/16803

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy