漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MinIO: JWT Algorithm Confusion in OIDC Authentication
Vulnerability Description
MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
MinIO 授权问题漏洞
Vulnerability Description
MinIO是美国MinIO公司的一款开源的对象存储服务器。该产品支持构建用于机器学习、分析和应用程序数据工作负载的基础架构。 MinIO RELEASE.2022-11-08T05-27-07Z至RELEASE.2026-03-17T21-25-16Z之前版本存在授权问题漏洞,该漏洞源于OpenID Connect身份验证存在JWT算法混淆,可能导致攻击者伪造任意身份令牌并获取任意策略的S3凭据。
CVSS Information
N/A
Vulnerability Type
N/A