Lucene search
PRIOn knowledge basePRION:CVE-2021-43858HistoryDec 27, 2021 - 10:15 p.m.
Design/Logic Flaw
2021-12-2722:15:00
PRIOn knowledge base
www.prio-n.com
17
MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit Deny rule to disable the API for users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| minio | eq | < 20211227t72318z |
Related
cve
cve
CVE-2021-43858
2021-12-27 22:15:07
nessus
nessus
osv
osv
CVE-2021-43858
2021-12-27 22:15:07
BIT-minio-2021-43858
2024-03-06 10:57:38
alpinelinux
alpinelinux
CVE-2021-43858
2021-12-27 22:15:07
freebsd
freebsd
minio -- User privilege escalation
2021-12-27 00:00:00
redhatcve
redhatcve
CVE-2021-43858
2021-12-30 18:21:52
cvelist
cvelist
CVE-2021-43858 User privilege escalation in MinIO
2021-12-27 21:20:11
githubexploit
githubexploit
Exploit for Improper Privilege Management in Minio
2022-01-03 17:11:54
Exploit for CVE-2021-43858
2022-01-03 14:12:35
Exploit for Improper Privilege Management in Minio
2023-04-12 07:34:03
cnvd
cnvd
Minio MinIO has an unspecified vulnerability
2021-12-29 00:00:00
nvd
nvd
CVE-2021-43858
2021-12-27 22:15:07
ibm
ibm
