Minio - Information Disclosure (CVE-2023-28432)
- CVSSv3 Score
- Vulnerability description
MinIO server is vulnerable to CVE-2023-28432, an Information Disclosure vulnerability in the
/minio/bootstrap/v1/verify endpoint. In a cluster deployment, MinIO returns all environment variables, including
MINIO_ROOT_PASSWORD, resulting in Information Disclosure.
- Risk description
The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.
- Exploit capabilities
Sniper can extract custom artefacts as evidence from the target system.
Upgrade MinIO to the latest version.
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Vuln date
- Mar 2023
- Published at
- Updated at
- Software Type
- Multi-Cloud Object Storage Framework
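
A detection check for the endpoint named in the vulnerability description, added here as an example and not taken from the original advisory or from MinIO: it scans access logs for requests to /minio/bootstrap/v1/verify that come from hosts outside the cluster. The Combined Log Format (for example from a reverse proxy in front of MinIO), the peer subnet, and the sample log lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

BOOTSTRAP_PATH = "/minio/bootstrap/v1/verify"  # endpoint named in the advisory
# Assumption: legitimate MinIO cluster peers live in this subnet (constructed value).
PEER_NETWORKS = [ip_network("10.0.5.0/24")]

# Combined Log Format: client ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '10.0.5.12 - - [21/Mar/2023:10:00:01 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 1843',
    '203.0.113.45 - - [24/Mar/2023:02:14:09 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 1790',
    '198.51.100.7 - - [24/Mar/2023:03:40:55 +0000] "GET /minio/bootstrap/v1/verify?x=1 HTTP/1.1" 403 0',
    '203.0.113.45 - - [24/Mar/2023:02:15:00 +0000] "GET /minio/health/live HTTP/1.1" 200 0',
]

def is_peer(addr):
    """True if addr parses as an IP inside one of the trusted peer networks."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False  # hostnames or garbage are never treated as peers
    return any(ip in net for net in PEER_NETWORKS)

def find_bootstrap_probes(lines):
    """Return one record per non-peer request to the bootstrap verify endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Ignore the query string and a trailing slash when comparing paths.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != BOOTSTRAP_PATH or is_peer(m["client"]):
            continue
        hits.append({
            "client": m["client"], "time": m["time"],
            "method": m["method"], "status": int(m["status"]),
            # Assumption: a 200 to a non-peer means the environment was returned,
            # so MINIO_ROOT_PASSWORD should be treated as exposed and rotated.
            "likely_disclosed": m["status"] == "200",
        })
    return hits
```

Any record with `likely_disclosed` set is a reason to rotate the root credentials in addition to upgrading.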