Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
Vulnerability Description
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
MinIO Operator 安全漏洞
Vulnerability Description
MinIO Operator是MinIO公司的一个MinIO集群的简单Kubernetes运算符。 MinIO Operator 7.1.0之前版本存在安全漏洞,该漏洞源于未提供audiences字段,可能导致令牌被重放。
CVSS Information
N/A
Vulnerability Type
N/A