VYPR
High severityCISA KEVNVD Advisory· Published Mar 22, 2023· Updated Oct 21, 2025

MinIO is vulnerable to privilege escalation on Linux/MacOS

CVE-2023-28434

Description

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with arn:aws:s3:::* permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off MINIO_BROWSER=off.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/minio/minioGo
< 0.0.0-2023032004150.0.0-202303200415

Affected products

19

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.