CVSS: 7.7EPSS: 96%CPEs: 1EXPL: 0CVE-2021-21287 – Server-Side Request Forgery in MinIO Browser API
https://notcve.org/view.php?id=CVE-2021-21287
01 Feb 2021 — MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a... • https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11012 – Authentication bypass MinIO Admin API
https://notcve.org/view.php?id=CVE-2020-11012
23 Apr 2020 — MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z. MinIO versiones anteriores a la versión RELEASE.2020-04-23T00-58-49Z, tiene un problema de omisión de autenticación en la API de administración de MinIO.... • https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923 • CWE-305: Authentication Bypass by Primary Weakness CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000538
https://notcve.org/view.php?id=CVE-2018-1000538
26 Jun 2018 — Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appear to be exploitable via Sending V4-(pre)signed requests with large bodies . This vulnerability appears to have been fixed in after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7. El servidor Minio S3, de Minio Inc., en versiones anteriores al RELEASE.2018-05-16T23-35-33Z... • https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220 • CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling •