Minio

Minio

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-62506

  • EPSS 0.02%
  • Veröffentlicht 16.10.2025 21:17:28
  • Zuletzt bearbeitet 23.10.2025 19:15:51

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypas...

8.7

CVE-2025-31489

  • EPSS 4.85%
  • Veröffentlicht 03.04.2025 19:36:09
  • Zuletzt bearbeitet 07.04.2025 14:18:34

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given ...

4.6

CVE-2025-27414

  • EPSS 0.22%
  • Veröffentlicht 28.02.2025 21:15:27
  • Zuletzt bearbeitet 28.02.2025 21:15:27

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unautho...

9.3

CVE-2024-55949

  • EPSS 0.23%
  • Veröffentlicht 16.12.2024 20:15:13
  • Zuletzt bearbeitet 16.12.2024 20:15:13

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This i...

5.3

CVE-2024-36107

  • EPSS 0.14%
  • Veröffentlicht 28.05.2024 19:15:10
  • Zuletzt bearbeitet 21.11.2024 09:21:37

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. `If-Modified-Since` and `If-Unmodified-Since` headers when used with anonymous requests by sending a random object name requests can be used to determin...

8.8

CVE-2024-24747

Exploit
  • EPSS 21.81%
  • Veröffentlicht 31.01.2024 22:15:54
  • Zuletzt bearbeitet 21.11.2024 08:59:36

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, th...

8.8

CVE-2023-28434

Warnung Exploit
  • EPSS 39.03%
  • Veröffentlicht 22.03.2023 21:15:18
  • Zuletzt bearbeitet 26.02.2026 15:03:51

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out t...

8.8

CVE-2023-28433

  • EPSS 0.29%
  • Veröffentlicht 22.03.2023 21:15:18
  • Zuletzt bearbeitet 21.11.2024 07:55:03

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user...

7.5

CVE-2023-28432

Warnung Exploit
  • EPSS 93.97%
  • Veröffentlicht 22.03.2023 21:15:18
  • Zuletzt bearbeitet 24.10.2025 14:46:55

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSW...

6.5

CVE-2023-27589

Exploit
  • EPSS 0.12%
  • Veröffentlicht 14.03.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 07:53:12

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. ...