CVE-2023-27589 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-27589 PUBLISHED

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`.

EPSS 0.32% · 54.8th percentile

Risk Scores

EPSS Score

0.32%

54.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	minio	2020.12.23
Bitnami	minio	2020.12.23

Timeline

Mar 13, 2023 Fix PR Merged
Mar 14, 2023 CVE Published
Mar 14, 2023 PoC Published
Mar 15, 2023 EPSS Score
Mar 21, 2023 CVE Updated
Apr 22, 2023 EPSS Score
May 30, 2023 EPSS Score
Jul 7, 2023 EPSS Score
Aug 14, 2023 EPSS Score
Sep 22, 2023 EPSS Score
Oct 30, 2023 EPSS Score
Dec 7, 2023 EPSS Score

References

Open in Interactive Console →