Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.7
CVSSv3

CVE-2022-35919

Published: 01/08/2022 Updated: 10/10/2023
CVSS v3 Base Score: 2.7 | Impact Score: 1.4 | Exploitability Score: 1.2
VMScore: 0
Subscribe to Minio

Vulnerability Summary

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

minio minio

Vendor Advisories

Check Point Security Alerts: MinIO Path Traversal (CVE-2022-35919)
Check Point Reference: CPAI-2022-1940 Date Published: 22 Nov 2023 Severity: Low ...

Exploits

Exploit DB: Minio 2022-07-29T19-40-48Z Path Traversal
Minio version 2022-07-29T19-40-48Z suffers from a path traversal vulnerability ...

Github Repositories

https://github.com/ifulxploit/Minio-Security-Vulnerability-Checker

Program ini adalah alat (tool) yang dibuat untuk memeriksa keamanan sistem Minio terkait dengan kerentanan CVE-2022-35919

Minio Security Vulnerability Checker Deskripsi Program ini adalah alat (tool) yang dibuat untuk memeriksa keamanan sistem Minio terkait dengan kerentanan CVE-2022-35919 Alat ini dirancang untuk membantu pengguna dalam mendeteksi potensi kerentanan di dalam konfigurasi Minio mereka Cara Penggunaan Pastikan Anda telah menginstal Python (versi 3x) di sistem Anda Unduh skri

https://github.com/drparbahrami/Mining-Simulator-codes

Mining Simulator codes

Mining-Simulator-codes Mining Simulator codes import urllibparse import requests, json, re, datetime, argparse from miniocredentials import Credentials from miniosigner import sign_v4_s3 class MyMinio(): secure = False def __init__(self, base_url, access_key, secret_key): selfcredits = Credentials( access_key=access_key, secret_key=secret_key ) i

https://github.com/spart9k/INT-18

INT-18 В данном интенсиве решено несколько заданий Задание №1 a Ссылку на коммит, исправляющий уязвимость b Перечень значимых строк кода, относящихся к уязвимости c Регулярное выражение, позволяющее максимал

References

CWE-22https://github.com/minio/minio/commit/bc72e4226e669d98c8e0f3eccc9297be9251c692https://github.com/minio/minio/pull/15429https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvghttp://packetstormsecurity.com/files/175010/Minio-2022-07-29T19-40-48Z-Path-Traversal.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/175010/Minio-2022-07-29T19-40-48Z-Path-Traversal.htmlhttps://github.com/ifulxploit/Minio-Security-Vulnerability-Checkerhttps://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2022-1940.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook