Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AbelChe/evil_minio
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/MiracleAnameke/Cybersecurity-Vulnerability-and-Exposure-Report
- https://github.com/Mr-xn/CVE-2023-28432
- https://github.com/Mr-xn/CVE-2023-28434
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/aneasystone/github-trending
- https://github.com/hktalent/TOP
- https://github.com/johe123qwe/github-trending
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oxMdee/Cybersecurity-Vulnerability-and-Exposure-Report
- https://github.com/taielab/awesome-hacking-lists