CVE-2023-28434 - OpenCVE

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Minio	Minio

Configuration 1 [-]

cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5
https://github.com/minio/minio/pull/16849
https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-22T20:44:04.216Z

Updated: 2024-08-02T12:38:25.275Z

Reserved: 2023-03-15T15:59:10.053Z

Link: CVE-2023-28434

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-03-22T21:15:18.427

Modified: 2024-06-21T16:12:41.387

Link: CVE-2023-28434

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28434", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-15T15:59:10.053Z", "datePublished": "2023-03-22T20:44:04.216Z", "dateUpdated": "2024-08-02T12:38:25.275Z"}, "containers": {"cna": {"title": "MinIO is vulnerable to privilege escalation on Linux/MacOS", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}, {"name": "https://github.com/minio/minio/pull/16849", "tags": ["x_refsource_MISC"], "url": "https://github.com/minio/minio/pull/16849"}, {"name": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "tags": ["x_refsource_MISC"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}], "affected": [{"vendor": "minio", "product": "minio", "versions": [{"version": "< RELEASE.2023-03-20T20-16-18Z", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-22T20:44:04.216Z"}, "descriptions": [{"lang": "en", "value": "Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. \n"}], "source": {"advisory": "GHSA-2pxw-r47w-4p8c", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.275Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}, {"name": "https://github.com/minio/minio/pull/16849", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/minio/minio/pull/16849"}, {"name": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}]}]}}

{"cisaActionDue": "2023-10-10", "cisaExploitAdd": "2023-09-19", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "MinIO Security Feature Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*", "matchCriteriaId": "63CBB19F-80FF-4D6B-ADF3-7BD9768861D0", "versionEndExcluding": "2023-03-20t20-16-18z", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. \n"}], "id": "CVE-2023-28434", "lastModified": "2024-06-21T16:12:41.387", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-03-22T21:15:18.427", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/minio/minio/pull/16849"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Secondary"}]}