Lucene search

RedosROS-20240410-19

HistoryApr 10, 2024 - 12:00 a.m.

ROS-20240410-19

2024-04-1000:00:00

redos.red-soft.ru

minio

object storage

access differentiation

vulnerability

escalation

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

59.1%

JSON

The MinIO object storage server vulnerability is related to flaws in access differentiation based on the
UpdateServiceAccountAdminAction policy. Exploitation of the vulnerability could allow an attacker,
acting remotely to escalate their privileges

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64minio< 20230210T184839Z-4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	minio	< 20230210T184839Z-4	UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

59.1%

JSON

Related for ROS-20240410-19