CVE-2020-11012

ADVISORY - nist

Summary

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

EPSS Score⁠: 0.00192 (0.409)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-305⁠

Authentication Bypass by Primary Weakness

CWE-755⁠

Improper Handling of Exceptional Conditions

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-755⁠

Improper Handling of Exceptional Conditions

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

6 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2020-11012⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-305⁠CWE-755⁠

CVSS SCORE

9.3critical

Alpine

CREATED

6 years ago

UPDATED

12 days ago

ADVISORY IDCVE-2020-11012⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

6 years ago

UPDATED

4 years ago

ADVISORY ID

CVE-2020-11012

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-755⁠CWE-937⁠

CVSS SCORE

7.5high

Bitnami

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

BIT-2020-11012

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Bitnami

CREATED

2 years ago

UPDATED

10 months ago

ADVISORY ID

BIT-minio-2020-11012

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-846x-44xp-j5v4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-q6h3-c3c6-jjjr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

MINI-8gv6-436h-p8gj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY