VDB
CVE-2023-27589
CVE-2023-27589
PUBLISHED
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`.
EPSS 0.32% · 55.3th percentile
Risk Scores
EPSS Score
0.32%
55.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | minio | 2020.12.23 |
| Bitnami | minio | 2020.12.23 |
Exploit Intelligence
- https://github.com/minio/minio/security/advisories/GHSA-9wfv-wmf7-6753 (circl)
- CIRCL seen: CVE-2023-27589 (circl-sighting)
- https://github.com/minio/minio/pull/16803 (nist-nvd)
- CVE-2022-2588.yara (github-yara)
- CVE-2022-2588.yara (github-yara)
- CVE-2022-2588.yara (github-yara)
- CVE-2022-2588.yara (github-yara)
- CVE-2022-2588.yara (github-yara)
- CVE-2022-2588.yara (github-yara)
- CVE-2022-2588.yara (github-yara)
…and 9 more exploits
Timeline
- Mar 13, 2023 Fix PR Merged
- Mar 14, 2023 CVE Published
- Mar 14, 2023 PoC Published
- Mar 15, 2023 EPSS Score
- Mar 21, 2023 CVE Updated
- Apr 23, 2023 EPSS Score
- May 31, 2023 EPSS Score
- Jul 9, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 24, 2023 EPSS Score
- Nov 2, 2023 EPSS Score
- Dec 11, 2023 EPSS Score