Published: 23/04/2020 Updated: 26/10/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

Vulnerable Product	Search on Vulmon	Subscribe to Product
minio minio

codeql-ctf-go-return Extension project for the Go and Don't Return CodeQL CTF This repository is intended for use by contestants in the March 2021 CodeQL CTF If you are unfamiliar, first read the contest documentation This is a set of example programs that exhibit coding mistakes similar to CVE-2020-11012 found in MinIO, but which are in various ways trickier to accurate

Extension project for the Go and Don't Return CodeQL CTF

codeql-ctf-go-return Extension project for the Go and Don't Return CodeQL CTF This repository is intended for use by contestants in the March 2021 CodeQL CTF If you are unfamiliar, first read the contest documentation This is a set of example programs that exhibit coding mistakes similar to CVE-2020-11012 found in MinIO, but which are in various ways trickier to accurate

CWE-755 https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923 https://github.com/minio/minio/pull/9422 https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z https://nvd.nist.gov https://github.com/ItsNotAshley/Jello https://github.com/github/codeql-ctf-go-return

CVE-2020-11012

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect