CVE-2023-28434 - Vulnerability Details - OpenCVE

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Sept. 19, 2023.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Minio	Minio

Configuration 1 [-]

cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5
https://github.com/minio/minio/pull/16849
https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c

History

Tue, 28 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-09-19'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-22T20:44:04.216Z

Updated: 2025-01-28T21:18:50.717Z

Reserved: 2023-03-15T15:59:10.053Z

Link: CVE-2023-28434

Vulnrichment

Updated: 2024-08-02T12:38:25.275Z

NVD

Status : Modified

Published: 2023-03-22T21:15:18.427

Modified: 2024-11-21T07:55:03.533

Link: CVE-2023-28434

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28434", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-15T15:59:10.053Z", "datePublished": "2023-03-22T20:44:04.216Z", "dateUpdated": "2025-01-28T21:18:50.717Z"}, "containers": {"cna": {"title": "MinIO is vulnerable to privilege escalation on Linux/MacOS", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}, {"name": "https://github.com/minio/minio/pull/16849", "tags": ["x_refsource_MISC"], "url": "https://github.com/minio/minio/pull/16849"}, {"name": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "tags": ["x_refsource_MISC"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}], "affected": [{"vendor": "minio", "product": "minio", "versions": [{"version": "< RELEASE.2023-03-20T20-16-18Z", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-22T20:44:04.216Z"}, "descriptions": [{"lang": "en", "value": "Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. \n"}], "source": {"advisory": "GHSA-2pxw-r47w-4p8c", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.275Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}, {"name": "https://github.com/minio/minio/pull/16849", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/minio/minio/pull/16849"}, {"name": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28434", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-28T21:15:57.293847Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-09-19", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28434"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T21:18:50.717Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "name": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/minio/minio/pull/16849", "name": "https://github.com/minio/minio/pull/16849", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "name": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.275Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28434", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-28T21:17:47.891249Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-09-19", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28434"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T21:16:20.531Z"}}], "cna": {"title": "MinIO is vulnerable to privilege escalation on Linux/MacOS", "source": {"advisory": "GHSA-2pxw-r47w-4p8c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "minio", "product": "minio", "versions": [{"status": "affected", "version": "< RELEASE.2023-03-20T20-16-18Z"}]}], "references": [{"url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "name": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/minio/minio/pull/16849", "name": "https://github.com/minio/minio/pull/16849", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "name": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. \n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-22T20:44:04.216Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28434", "state": "PUBLISHED", "dateUpdated": "2025-01-28T21:18:50.717Z", "dateReserved": "2023-03-15T15:59:10.053Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-03-22T20:44:04.216Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-10-10", "cisaExploitAdd": "2023-09-19", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "MinIO Security Feature Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*", "matchCriteriaId": "63CBB19F-80FF-4D6B-ADF3-7BD9768861D0", "versionEndExcluding": "2023-03-20t20-16-18z", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. \n"}], "id": "CVE-2023-28434", "lastModified": "2024-11-21T07:55:03.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-22T21:15:18.427", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/minio/minio/pull/16849"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/minio/minio/commit/67f4ba154a27a1b06e48bfabda38355a010dfca5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/minio/minio/pull/16849"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}