ID

VAR-202302-1690


CVE

CVE-2023-25812


TITLE

Vulnerability in Minio from Minio Inc.

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685

DESCRIPTION

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGovernance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, the policy was not honored; instead, the request was honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue. Minio from Minio Inc. contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-25812 // JVNDB: JVNDB-2023-004685 // VULMON: CVE-2023-25812

AFFECTED PRODUCTS

vendor: minio model: minio scope: lt version: 2023-02-17t17-52-43z

Trust: 1.0

vendor: minio model: minio scope: gte version: 2020-04-10t03-34-42z

Trust: 1.0

vendor: minio model: minio scope: eq version: 2020-04-10t03-34-42z or later, before 2023-02-17t17-52-43z

Trust: 0.8

vendor: minio model: minio scope: - version: -

Trust: 0.8

vendor: minio model: minio scope: eq version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-25812
value: HIGH

Trust: 1.8

security-advisories@github.com: CVE-2023-25812
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202302-1719
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security-advisories@github.com:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2023-25812
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812 // NVD: CVE-2023-25812 // CNNVD: CNNVD-202302-1719

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1719

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1719

CONFIGURATIONS

sources: NVD: CVE-2023-25812

PATCH

title: MinIO Security vulnerabilities url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228040

Trust: 0.6

sources: CNNVD: CNNVD-202302-1719

EXTERNAL IDS

db: NVD id: CVE-2023-25812

Trust: 3.3

db: JVNDB id: JVNDB-2023-004685

Trust: 0.8

db: CNNVD id: CNNVD-202302-1719

Trust: 0.6

db: VULMON id: CVE-2023-25812

Trust: 0.1

sources: VULMON: CVE-2023-25812 // JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812 // CNNVD: CNNVD-202302-1719

REFERENCES

url:https://github.com/minio/minio/security/advisories/ghsa-c8fc-mjj8-fc63

Trust: 2.5

url:https://github.com/minio/minio/commit/a7188bc9d0f0a5ae05aaf1b8126bcd3cb3fdc485

Trust: 2.5

url:https://github.com/minio/minio/pull/16635

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-25812

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2023-25812/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-25812 // JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812 // CNNVD: CNNVD-202302-1719

SOURCES

db: VULMON id: CVE-2023-25812
db: JVNDB id: JVNDB-2023-004685
db: NVD id: CVE-2023-25812
db: CNNVD id: CNNVD-202302-1719

LAST UPDATE DATE

2023-12-18T12:25:29.586000+00:00


SOURCES UPDATE DATE

db: VULMON id: CVE-2023-25812 date: 2023-02-22T00:00:00
db: JVNDB id: JVNDB-2023-004685 date: 2023-11-01T04:47:00
db: NVD id: CVE-2023-25812 date: 2023-11-07T04:09:12.860
db: CNNVD id: CNNVD-202302-1719 date: 2023-03-08T00:00:00

SOURCES RELEASE DATE

db: VULMON id: CVE-2023-25812 date: 2023-02-21T00:00:00
db: JVNDB id: JVNDB-2023-004685 date: 2023-11-01T00:00:00
db: NVD id: CVE-2023-25812 date: 2023-02-21T21:15:11.507
db: CNNVD id: CNNVD-202302-1719 date: 2023-02-21T00:00:00