Bitnami package
minio
pkg:bitnami/minio
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24842 | — | >= 2021.12.09, < 2022.04.12 | 2022.04.12 | Apr 12, 2022 | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where an non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated | ||
| CVE-2021-43858 | — | < 2021.12.27 | 2021.12.27 | Dec 27, 2021 | MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23 | ||
| CVE-2021-21390 | — | < 2021.03.17 | 2021.03.17 | Mar 19, 2021 | MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have i | ||
| CVE-2021-21362 | — | < 2021.03.04 | 2021.03.04 | Mar 8, 2021 | MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone i | ||
| CVE-2021-21287 | — | < 2021.01.30 | 2021.01.30 | Feb 1, 2021 | MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data t | ||
| CVE-2020-11012 | — | < 2020.04.23 | 2020.04.23 | Apr 23, 2020 | MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret |
- CVE-2022-24842Apr 12, 2022affected >= 2021.12.09, < 2022.04.12fixed 2022.04.12
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where an non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated
- CVE-2021-43858Dec 27, 2021affected < 2021.12.27fixed 2021.12.27
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23
- CVE-2021-21390Mar 19, 2021affected < 2021.03.17fixed 2021.03.17
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have i
- CVE-2021-21362Mar 8, 2021affected < 2021.03.04fixed 2021.03.04
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone i
- CVE-2021-21287Feb 1, 2021affected < 2021.01.30fixed 2021.01.30
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data t
- CVE-2020-11012Apr 23, 2020affected < 2020.04.23fixed 2020.04.23
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret
Page 2 of 2