PT-2023-2373 · Minio+2 · Minio+2

Harshavardhana

Publicado

2023-03-13

Atualizado

2024-12-26

CVE-2023-27589

CVSS v2.0

7.7

Alta

Vetor

AV:N/AC:L/Au:M/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Minio versions RELEASE.2020-12-23T02-24-12Z through RELEASE.2023-03-13T19-46-17Z

Description The issue is related to a user with consoleAdmin permissions potentially creating a user that matches the root credential accessKey. Once this user is created successfully, the root credential ceases to work appropriately. Exploitation of this issue may allow a remote attacker to disable access to the root credentials.

Recommendations For versions RELEASE.2020-12-23T02-24-12Z through RELEASE.2023-03-13T19-46-17Z, update to RELEASE.2023-03-13T19-46-17Z or later to resolve the issue. As a temporary workaround, consider adding higher privileges to the disabled root user via mc admin policy set.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

ALT-PU-2023-1522

ALT-PU-2023-1908

ALT-PU-2023-2074

ALT-PU-2024-17529

BDU:2023-02148

BIT-MINIO-2023-27589

CVE-2023-27589

GHSA-9WFV-WMF7-6753

Produtos afetados

Alt Linux

Minio

Red Os

PT-2023-2373 · Minio+2 · Minio+2

CVE-2023-27589

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19