CVE-2023-28432 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-28432 PUBLISHED KEV

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

EPSS 94.00% · 99.9th percentile

Risk Scores

EPSS Score

94.00%

99.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	minio	2019.12.17
Bitnami	minio	2019.12.17

Timeline

CVE Published
Mar 20, 2023 Metasploit Module
Mar 22, 2023 PoC Published
Mar 23, 2023 EPSS Score
Mar 23, 2023 Nuclei Template
Mar 23, 2023 Fix Commit
Mar 23, 2023 PoC Published
Mar 23, 2023 PoC Published
Mar 24, 2023 PoC Published
Mar 24, 2023 PoC Published
Mar 29, 2023 EPSS Score
Mar 29, 2023 PoC Published

References

Open in Interactive Console →