Lucene search
Veracode Vulnerability DatabaseVERACODE:39776HistoryMar 15, 2023 - 1:47 a.m.
Privilege Escalation
2023-03-1501:47:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
minio
privilege escalation
adduser
importiam
admin-handlers-users.go
consoleadmin
accesskey
0.001 Low
EPSS
Percentile
30.5%
github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser and ImportIAM functions of admin-handlers-users.go because a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root credential ceases to work.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/minio/minio | le | RELEASE.2023-03-09T23-16-13Z | |
| github.com/minio/minio | le | RELEASE.2023-03-09T23-16-13Z |
Related
nvd
nvd
CVE-2023-27589
2023-03-14 19:15:10
cvelist
cvelist
cve
cve
CVE-2023-27589
2023-03-14 19:15:10
redos
redos
ROS-20230411-03
2023-04-11 00:00:00
prion
prion
Design/Logic Flaw
2023-03-14 19:15:00
osv
osv
BIT-minio-2023-27589
2024-03-06 10:56:49
CVE-2023-27589
2023-03-14 19:15:10
