CVE-2023-28434
ADVISORY - githubSummary
Impact
An attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials with arn:aws:s3:::* permission, as well as enabled Console API access.
Patches
commit 67f4ba154a27a1b06e48bfabda38355a010dfca5
Author: Aditya Manthramurthy <donatello@users.noreply.github.com>
Date: Sun Mar 19 21:15:20 2023 -0700
fix: post policy request security bypass (#16849)
Workarounds
Browser API access must be enabled turning off MINIO_BROWSER=off allows for this workaround.
References
The vulnerable code:
// minio/cmd/generic-handlers.go
func setRequestValidityHandler(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// ...
// For all other requests reject access to reserved buckets
bucketName, _ := request2BucketObjectName(r)
if isMinioReservedBucket(bucketName) || isMinioMetaBucket(bucketName) {
if !guessIsRPCReq(r) && !guessIsBrowserReq(r) && !guessIsHealthCheckReq(r) && !guessIsMetricsReq(r) && !isAdminReq(r) && !isKMSReq(r) {
if ok {
tc.FuncName = "handler.ValidRequest"
tc.ResponseRecorder.LogErrBody = true
}
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL)
return
}
}
// ...
EPSS Score: 0.39031 (0.972)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Privilege Management
ADVISORY - github
Improper Privilege Management
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-28434
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.8highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-2pxw-r47w-4p8c
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.8highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2023-28434
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-28434
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.8highBitnami
CREATED
UPDATED
ADVISORY ID
BIT-2023-28434
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighBitnami
CREATED
UPDATED
ADVISORY ID
BIT-minio-2023-28434
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.8highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-28m3-fgwh-2q2w
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-hp8q-g53x-887c
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
intheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-28434
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CISA
CREATED
UPDATED
ADVISORY ID
CVE-2023-28434
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-4h7r-f3w5-mrq6
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-