Sign In

CVE-2022-35919

ADVISORY - nist

Summary

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the admin:ServerUpdate action for your admin users via IAM policies.

EPSS Score: 0.08284 (0.921)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2022-35919
EXPLOITABILITY SCORE

3.1

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-22

CVSS SCORE

7.4high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2022-35919
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2022-35919

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-22CWE-937

CVSS SCORE

2.7low

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-2022-35919

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-minio-2022-35919

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

2.7low

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-58g9-2g6f-r2xv

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-hccr-vqh4-jpw8

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2022-35919
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-f8q6-hx72-9gp2

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY