WEB APPLICATION VULNERABILITIES Standard & Premium

MinIO Information Disclosure (CVE-2023-28432)

Description

In a cluster deployment, MinIO discloses all environment variables. A successful attack of this vulnerability may result in takeover of the server.

Remediation

Upgrade to the latest version of MinIO

References

Information Disclosure in Cluster Deployment

Related Vulnerabilities

WordPress Plugin Membership Simplified Arbitrary File Download (1.58)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.6.2)

WordPress W3 Total Cache plugin predictable cache filenames

Drupal Core 8.9.x Information Disclosure (8.9.0 - 8.9.5)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)

Severity

High

Classification

CVE-2023-28432 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure