Unrated severityNVD Advisory· Published Apr 23, 2020· Updated Aug 4, 2024

Authentication bypass MinIO Admin API

CVE-2020-11012

Description

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

Affected products

osv-coords9 versions
pkg:apk/chainguard/minio pkg:apk/chainguard/minio-bitnami-2024-compat pkg:apk/chainguard/minio-bitnami-2025-compat pkg:apk/chainguard/minio-iamguarded-2025-compat pkg:apk/wolfi/minio pkg:apk/wolfi/minio-bitnami-2024-compat pkg:apk/wolfi/minio-bitnami-2025-compat pkg:apk/wolfi/minio-iamguarded-2025-compat pkg:bitnami/minio
< 0+ 8 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2020.04.23
Minio/Miniov5
Range: < RELEASE.2020-04-23T00-58-49Z

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923mitrex_refsource_MISC
github.com/minio/minio/pull/9422mitrex_refsource_MISC
github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Zmitrex_refsource_MISC
github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000