Main Vulnerability Database Exploits ID:9290 - Exploit for Improper access control in minio - CVE-2023-28434

ID:9290 - Exploit for Improper access control in minio - CVE-2023-28434

Published: September 5, 2023

Vulnerability identifier: #VU80422

Vulnerability risk: Medium

CVE-ID: CVE-2023-28434

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
minio

Link to public exploit:

https://github.com/Mr-xn/CVE-2023-28432

Vulnerability description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user with "arn:aws:s3:::*" permission and enabled Console API access can bypass metadata bucket name checking and put an object into any bucket while processing "PostPolicyBucket".

Remediation

Install updates from vendor's website.

ID:9290 - Exploit for Improper access control in minio - CVE-2023-28434

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human