Main Vulnerability Database Exploits ID:9241 - Exploit for Improper Privilege Management in minio - CVE-2021-43858

ID:9241 - Exploit for Improper Privilege Management in minio - CVE-2021-43858

Published: August 9, 2023

Vulnerability identifier: #VU64694

Vulnerability risk: High

CVE-ID: CVE-2021-43858

CWE-ID: CWE-269

Exploitation vector: Remote access

Vulnerable software:
minio

Link to public exploit:

https://github.com/0rx1/cve-2021-43858

Vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper privilege management in AddUser() function admin API. A remote user can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges.

Remediation

Install updates from vendor's website.

ID:9241 - Exploit for Improper Privilege Management in minio - CVE-2021-43858

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human