Minio - Information Disclosure (CVE-2023-28432)

Severity
CVSSv3 Score: 7.5
Vulnerability description

The MinIO server is vulnerable to CVE-2023-28432, an information disclosure vulnerability in the /minio/bootstrap/v1/verify endpoint. In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure.

Risk description

A remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Exploit capabilities

Sniper can extract custom artefacts as evidence from the target system.

Recommendation

Upgrade MinIO to the latest version.
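
Added example (not part of the original advisory and not the vendor's or scanner's code): a log check for earlier requests to the endpoint named in the description, to help decide whether MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD should be rotated alongside the upgrade. It assumes a reverse proxy in front of MinIO writing combined-format access logs; the peer network, sample lines and function names are hypothetical.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

BOOTSTRAP_PATH = "/minio/bootstrap/v1/verify"  # endpoint named in the advisory
# Assumption: cluster peers sit in this network (hypothetical value).
PEER_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]

# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.0.5.12 - - [24/Mar/2023:10:00:01 +0000] "GET /minio/bootstrap/v1/verify HTTP/1.1" 200 1834 "-" "-"',
    '203.0.113.7 - - [24/Mar/2023:10:02:13 +0000] "GET /minio/bootstrap/v1/verify HTTP/1.1" 200 1834 "-" "-"',
    '198.51.100.9 - - [24/Mar/2023:10:05:40 +0000] "GET //minio/bootstrap/v1/%76erify?x=1 HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.7 - - [24/Mar/2023:10:06:00 +0000] "GET /minio/health/live HTTP/1.1" 200 0 "-" "-"',
]

def normalize(target):
    """Strip the query, decode %xx, and collapse // and /./ so variants still match."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath(re.sub(r"/{2,}", "/", path)) if path else "/"

def is_peer(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source is treated as external
    return any(addr in net for net in PEER_NETWORKS)

def find_exposures(lines):
    """Non-peer requests to the bootstrap endpoint, any method; 2xx means data was returned."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize(m["target"]) != BOOTSTRAP_PATH or is_peer(m["ip"]):
            continue
        hits.append({"ip": m["ip"], "time": m["time"],
                     "status": int(m["status"]), "answered": m["status"][0] == "2"})
    return hits

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(hit)
```

Any hit with `answered` set to true means a non-peer client received a response from the endpoint, so the credentials listed in the description should be treated as exposed.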

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Mar 2023
Published at
Updated at
Software Type: Multi-Cloud Object Storage Framework
Vendor: Minio
Product: Minio