Vulnerability Information
Vulnerability Title
MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
Vulnerability Description
MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* headers on a normal PutObject request. This issue has been patched in version RELEASE.2026-03-26T21-24-40Z.
CVSS Information
N/A
Vulnerability Type
Improper Authentication
Vulnerability Title
MinIO Authorization Issue Vulnerability
Vulnerability Description
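MinIO is an open-source object storage server from MinIO, Inc. (USA). The product supports building infrastructure for machine learning, analytics, and application data workloads. MinIO versions prior to RELEASE.2026-03-26T21-24-40Z contain an authorization vulnerability. It stems from a flaw in extractMetadataFromMime() that may allow any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* headers.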
CVSS Information
N/A
Vulnerability Type
N/A