📦 Minio

This CVE describes a privilege escalation vulnerability in MinIO where newly created access keys inherit admin permissions from parent keys, allowing users to escalate their own S3 permissions. All Mi...

This vulnerability allows authenticated attackers with S3 permissions to bypass bucket name validation and write objects to any bucket in Minio object storage systems. It affects Minio deployments wit...

MinIO distributed deployments expose all environment variables including sensitive credentials like MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD through an information disclosure vulnerability. This affec...

MinIO object storage systems are vulnerable to a denial-of-service attack where HTTP clients can establish connections that never close, causing unending go-routine buildup that consumes system resour...

CVE-2021-43858 is a privilege escalation vulnerability in MinIO cloud storage software where a malicious client can craft HTTP API calls to update user policies and gain higher privileges. This affect...

MinIO versions before RELEASE.2021-03-04T00-53-13Z contain a policy bypass vulnerability where users with read-only permissions can create temporary upload URLs to bypass access controls. This affects...

This CVE describes a server-side request forgery (SSRF) vulnerability in MinIO object storage software. Attackers can manipulate URL parameters to make the server send requests to internal systems, po...