#VU64785 Improper Privilege Management in minio - CVE-2022-24842
Published: June 29, 2022
Vulnerability identifier: #VU64785
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-24842
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
minio
minio
Software vendor:
MinIO
MinIO
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper privilege management. A remote non-admin user can create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials.
Remediation
Install updates from vendor's website.