CRITICAL🇵🇱 Wersja polska

CVE-2020-11012

CVSS 9.3v3.1pub. 2020-04-23upd. 2024-11-21

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
  • Minio

    APP
    Minio
    < 2020-04-23t00-58-49z
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-33419CRITICAL9.1PL ✓ten sam produkt

MinIO AIStor: brute-force danych LDAP przez STS AssumeRoleWithLDAPIdentity

CVE-2026-33322CRITICAL9.2PL ✓ten sam produkt

MinIO: JWT algorithm confusion umożliwia obejście uwierzytelnienia OIDC

CVE-2023-28434HIGH8.8⚠ KEVten sam produkt

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use cr...

CVE-2023-28432HIGH7.5⚠ KEVten sam produkt

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-1...

CVE-2026-40344HIGH8.8ten sam produkt

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEA...