CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
47.8%
All users on Windows are impacted. MinIO fails to filter the \
character, which allows for arbitrary object placement across
buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to PutObject
in a specific bucket, can create an admin user.
There are two patches that fix this problem comprehensively
commit b3c54ec81e0a06392abfb3a1ffcdc80c6fbf6ebc
Author: Harshavardhana <harsha@minio.io>
Date: Mon Mar 20 13:16:00 2023 -0700
reject object names with '\' on windows (#16856)
commit 8d6558b23649f613414c8527b58973fbdfa4d1b8
Author: Harshavardhana <harsha@minio.io>
Date: Mon Mar 20 00:35:25 2023 -0700
fix: convert '\' to '/' on windows (#16852)
There are no known workarounds
The vulnerable code:
// minio/cmd/generic-handlers.go
// Check if the incoming path has bad path components,
// such as ".." and "."
// SlashSeparator -> /
// dotdotComponent -> ..
// dotComponent -> .
func hasBadPathComponent(path string) bool {
path = strings.TrimSpace(path)
for _, p := range strings.Split(path, SlashSeparator) {
switch strings.TrimSpace(p) {
case dotdotComponent:
return true
case dotComponent:
return true
}
}
return false
}
github.com/minio/minio
github.com/minio/minio/commit/8d6558b23649f613414c8527b58973fbdfa4d1b8
github.com/minio/minio/commit/b3c54ec81e0a06392abfb3a1ffcdc80c6fbf6ebc
github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z
github.com/minio/minio/security/advisories/GHSA-w23q-4hw3-2pp6
nvd.nist.gov/vuln/detail/CVE-2023-28433
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
47.8%