Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`
and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
References
| Link | Resource |
|---|---|
| https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z | Release Notes |
| https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q | Exploit Vendor Advisory |
| https://twitter.com/Andrew___Morris/status/1639325397241278464 | Third Party Advisory |
| https://viz.greynoise.io/tag/minio-information-disclosure-attempt | Third Party Advisory |
| https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean | Third Party Advisory |
Configurations
History
27 Jun 2024, 19:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q - Exploit, Vendor Advisory |
07 Nov 2023, 04:10
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z. |
Information
Published : 2023-03-22 21:15
Updated : 2024-06-27 19:30
NVD link : CVE-2023-28432
Mitre link : CVE-2023-28432
CVE.ORG link : CVE-2023-28432
JSON object : View
Products Affected
minio
- minio
CWE