VYPR
Unrated severityNVD Advisory· Published Apr 23, 2020· Updated Aug 4, 2024

Authentication bypass MinIO Admin API

CVE-2020-11012

Description

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.