Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User privilege escalation in MinIO
Vulnerability Description
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Minio MinIO 安全漏洞
Vulnerability Description
Minio MinIO是美国MinIO(Minio)公司的一款开源的对象存储服务器。该产品支持构建用于机器学习、分析和应用程序数据工作负载的基础架构。 MinIO 存在安全漏洞,该漏洞源于。MinIO是Kubernetes云存储的本地应用程序。版本发布之前。,恶意客户端可以手工创建一个HTTP API调用,允许更新用户的策略并获得更高的权限。版本号为RELEASE的补丁。更改已接受的请求体类型,并删除通过此API应用策略更改的能力。对于这个漏洞有一个解决方案:可以通过添加一个显式的“Deny”规则来禁用用
CVSS Information
N/A
Vulnerability Type
N/A