CVE-2023-28432 PoC — MinIO 信息泄露漏洞

Description

MiniO verify interface sensitive information disclosure vulnerability (CVE-2023-28432) 

介绍

# CVE-2023-28432
## MiniO verify interface sensitive information disclosure vulnerability (CVE-2023-28432) 

**Chinese name: MinIO verify 接口敏感信息泄露漏洞（CVE-2023-28432）**


**Description** : MinIO is an open source object storage service that is compatible with the Amazon S3 API and can be used in private or public clouds. MinIO is a high-performance, high-availability distributed storage system that can store large amounts of data and provide high-speed read and write capabilities for data. MinIO adopts a distributed architecture and can run on multiple nodes to realize distributed storage and processing of data.

**Impact** : There is a sensitive information disclosure vulnerability in the MiniO verify interface, which allows attackers to read sensitive system information by constructing special URL addresses.</span>

![](https://s3.bmp.ovh/imgs/2023/03/24/f201266697539073.gif)


**[Goby Official URL: https://gobies.org/](https://gobies.org/)** 

If you have a functional type of issue, you can raise an issue on GitHub or in the discussion group below:

1. GitHub issue: https://github.com/gobysec/Goby/issues
2. Telegram Group: http://t.me/gobies (Group benefits: enjoy the version update 1 month in advance) 
3. Telegram Channel: https://t.me/joinchat/ENkApMqOonRhZjFl (Channel benefits: enjoy the version update 1 month in advance) 
4. WeChat Group: First add my personal WeChat: **gobyteam**, I will add everyone to the official WeChat group of Goby. (Group benefits: enjoy the version update 1 month in advance) 

文件快照

备注