5.3

CVE-2024-36107

EPSS 0.14%
Veröffentlicht 28.05.2024 19:15:10
Zuletzt bearbeitet 21.11.2024 09:21:37
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a specific bucket and also gain access to some amount of
information such as  `Last-Modified (of the latest version)`, `Etag (of the latest version)`, `x-amz-version-id (of the latest version)`, `Expires (metadata value of the latest version)`, `Cache-Control (metadata value of the latest version)`. This conditional check was being honored before validating if the anonymous access is indeed allowed on the metadata of an object. This issue has been addressed in commit `e0fe7cc3917`. Users must upgrade to RELEASE.2024-05-27T19-17-46Z for the fix. There are no known workarounds for this issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerminio

≫

Produkt minio

Default Statusunknown

Version < RELEASE.2024-05-27T19-17-46Z

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Unmodified-Since

https://github.com/minio/minio/commit/e0fe7cc391724fc5baa85b45508f425020fe4272

https://github.com/minio/minio/pull/19810

https://github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9

https://nvd.nist.gov/vuln/detail/CVE-2024-36107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36107

EUVD