github.com/minio/minio is vulnerable to path traversal. A privileged attacker with admin:ServerUpdate
permission is able to trigger an error response, which in turn returns the content of the path specified, allowing the attacker to gain access to contents at any arbitrary paths that are readable by the MinIO
process.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/minio/minio | le | RELEASE.2020-11-10T21-02-24Z | |
github.com/minio/minio | le | RELEASE.2020-11-10T21-02-24Z |