Description

In a cluster deployment, MinIO discloses all environment variables. A successful attack of this vulnerability may result in takeover of the server.

Remediation

Upgrade to the latest version of MinIO

References

Information Disclosure in Cluster Deployment

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.8)

Session ID in URL

WordPress Plugin History Collection Arbitrary File Download (1.1.1)

WordPress Plugin Simple History Information Disclosure (1.0.7)

WordPress Plugin BulletProof Security Information Disclosure (5.1)

Severity

High

Classification

CVE-2023-28432 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure