CVE-2021-43858
User privilege escalation in MinIO
- Severity Score:
- Exploit Likelihood:
- Affected Versions:
- Public Exploits: 1
- Exploited in Wild: -
- Decision: -
Descriptions
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.
Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Issues addressed include denial of service, open redirection, privilege escalation, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-11-16 CVE Reserved
- 2021-12-27 CVE Published
- 2023-04-12 First Exploit
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
CWE
- CWE-269: Improper Privilege Management
- CWE-863: Incorrect Authorization
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://github.com/minio/minio/releases/tag/RELEASE.2021-12-27T07-23-18Z | Release Notes | |

| URL | Date | Source |
|---|---|---|
| https://github.com/khuntor/CVE-2021-43858-MinIO | 2023-04-12 | |

| URL | Date | Source |
|---|---|---|
| https://github.com/minio/minio/commit/5a96cbbeaabd0a82b0fe881378e7c21c85091abf | 2022-08-09 | |
| https://github.com/minio/minio/pull/13976 | 2022-08-09 | |
| https://github.com/minio/minio/pull/7949 | 2022-08-09 | |
| https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx | 2022-08-09 | |

| URL | Date | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-43858 | 2022-06-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2036252 | 2022-06-09 | |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Minio | Minio | < 2021-12-27t07-23-18z | - | Affected |