CVE

CVE-2023-28432

Minio Information Disclosure in Cluster Deployment

CVE

CVE-2023-28432

Minio Information Disclosure in Cluster Deployment

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY

and MINIOROOTPASSWORD, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28432.json, https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z, https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q, https://nvd.nist.gov/vuln/detail/CVE-2023-28432, https://twitter.com/Andrew__Morris/status/1639325397241278464, https://viz.greynoise.io/tag/minio-information-disclosure-attempt, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?fieldcve=CVE-2023-28432, https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.94113%

EPSS Percentile

0.99904%

Introduced Version

9bb0869b737df8c2eb8a1451910581dee01fc72d

Fix Available

05444a0f6af8389b9bb85280fc31337c556d4300

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2023-28432

CVE-2023-28432

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly