CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.0%
A vulnerability in the PostPolicyBucket component of the MinIO object storage server is related to errors in privilege management.
privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code by sending specially crafted HTTP requests
The MinIO Object Storage Server vulnerability is due to access control flaws. Exploitation
of the vulnerability could allow a remote attacker to create a user with administrative privileges
administrator
A vulnerability in the MinIO Object Storage Server is related to the use of headers to determine
whether an object exists on the server in a particular segment. Exploitation of the vulnerability could allow
an attacker acting remotely to disclose sensitive information
The MinIO object storage server vulnerability is related to the return of all environment variables, including
“MINIO_SECRET_KEY” and “MINIO_ROOT_PASSWORD.” Exploitation of the vulnerability could allow an attacker,
acting remotely, to disclose protected information