VYPR
Unrated severityNVD Advisory· Published Oct 13, 2021· Updated Aug 4, 2024

Bypassing policy restrictions on regular users

CVE-2021-41137

Description

Minio is a Kubernetes native application for cloud storage. All users on release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in RELEASE.2021-10-13T00-23-17Z. A downgrade back to release RELEASE.2021-10-08T23-58-24Z is available as a workaround.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Minio/Miniollm-fuzzy2 versions
    = RELEASE.2021-10-10T16-53-30Z+ 1 more
    • (no CPE)range: = RELEASE.2021-10-10T16-53-30Z
    • (no CPE)range: = RELEASE.2021-10-10T16-53-30Z

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.