Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NMinio
APPMinio2019-12-17t23-16-33z – 2023-03-20t20-16-18z (bez)
CISA KEV — detailsi
- Vendori
- MinIO
- Producti
- MinIO
- Added to KEVi
- April 21, 2023
- Remediation deadline (US Federal)i
- May 12, 2023(overdue)
Apply updates per vendor instructions.
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
Related vulnerabilities
MinIO: JWT algorithm confusion umożliwia obejście uwierzytelnienia OIDC
MinIO AIStor: brute-force danych LDAP przez STS AssumeRoleWithLDAPIdentity
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API....
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use cr...
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEA...