Minio · Minio · CVE-2021-21362
**Name of the Vulnerable Software and Affected Versions**
MinIO versions prior to RELEASE.2021-03-04T00-53-13Z
**Description**
The issue is an authorization flaw in MinIO, an open-source, high-performance object storage service compatible with Amazon S3 cloud storage. It allows a remote attacker to bypass a readOnly policy by creating a temporary 'mc share upload' URL, potentially impacting the integrity of protected information. Everyone who uses MinIO's multi-user feature is affected.
**Recommendations**
For versions prior to RELEASE.2021-03-04T00-53-13Z, update to version RELEASE.2021-03-04T00-53-13Z to resolve the issue.
As a temporary workaround, consider disabling uploads with `Content-Type: multipart/form-data` by using a proxy in front of MinIO, as mentioned in the S3 API RESTObjectPOST docs.
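One way to implement the proxy workaround above, shown as an added example rather than MinIO's own code: a small Go reverse proxy that refuses any request whose `Content-Type` is `multipart/form-data` and forwards everything else. The listen address `:8080` and the backend address `127.0.0.1:9000` are assumptions for illustration.

```go
package main

import (
	"log"
	"mime"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// isFormData reports whether the request declares a multipart/form-data body,
// the content type used by browser-style S3 POST Object uploads.
func isFormData(r *http.Request) bool {
	ct := r.Header.Get("Content-Type")
	mt, _, err := mime.ParseMediaType(ct) // lowercases the type, strips parameters
	if err != nil {
		// Malformed header: fall back to a case-insensitive prefix check so a
		// broken parameter list cannot be used to slip past the filter.
		mt = strings.ToLower(strings.TrimSpace(ct))
	}
	return strings.HasPrefix(mt, "multipart/form-data")
}

// BlockFormUploads rejects form uploads with 403 and passes all other requests
// to next. The S3 multipart upload API uses other content types and still works.
func BlockFormUploads(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if isFormData(r) {
			log.Printf("blocked form upload: %s %s from %s", r.Method, r.URL.Path, r.RemoteAddr)
			http.Error(w, "multipart/form-data uploads are disabled", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Assumed addresses: MinIO on 127.0.0.1:9000, proxy listening on :8080.
	backend, err := url.Parse("http://127.0.0.1:9000")
	if err != nil {
		log.Fatal(err)
	}
	proxy := httputil.NewSingleHostReverseProxy(backend)
	log.Fatal(http.ListenAndServe(":8080", BlockFormUploads(proxy)))
}
```

The filter only helps if MinIO is not reachable except through the proxy, and the logged rejections give a record of attempted form uploads while the upgrade is pending.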