CVE-2021-21362
ADVISORY - nistSummary
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses MinIO multi-users. This is fixed in version RELEASE.2021-03-04T00-53-13Z. As a workaround, one can disable uploads with Content-Type: multipart/form-data as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO.
EPSS Score: 0.00103 (0.282)
Common Weakness Enumeration (CWE)
ADVISORY - gitlab
ADVISORY - redhat
Improper Authentication
NIST
CVSS SCORE
7.7highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2021-21362
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Bitnami
CREATED
UPDATED
ADVISORY ID
BIT-2021-21362
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-minio-2021-21362
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.5mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2021-21362
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-6wc4-hrgx-6fjp
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-xf2g-5m8v-cxw5
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2021-21362
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-fgpm-38vg-2j6g
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-