Sign-up

ID

VAR-202302-1690


CVE

CVE-2023-25812


TITLE

Minio Inc.  of  Minio  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685

DESCRIPTION

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue. Minio Inc. of Minio Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-25812 // JVNDB: JVNDB-2023-004685 // VULMON: CVE-2023-25812

AFFECTED PRODUCTS

vendor:miniomodel:minioscope:ltversion:2023-02-17t17-52-43z

Trust: 1.0

vendor:miniomodel:minioscope:gteversion:2020-04-10t03-34-42z

Trust: 1.0

vendor:miniomodel:minioscope:eqversion:2020-04-10t03-34-42z that's all 2023-02-17t17-52-43z

Trust: 0.8

vendor:miniomodel:minioscope: - version: -

Trust: 0.8

vendor:miniomodel:minioscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-25812
value: HIGH

Trust: 1.8

security-advisories@github.com: CVE-2023-25812
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202302-1719
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security-advisories@github.com:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2023-25812
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812 // NVD: CVE-2023-25812 // CNNVD: CNNVD-202302-1719

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004685 // NVD: CVE-2023-25812

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1719

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1719

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-25812

PATCH
title:MinIO Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228040
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202302-1719

EXTERNAL IDS
db:NVDid:CVE-2023-25812
Trust: 3.3
db:JVNDBid:JVNDB-2023-004685
Trust: 0.8
db:CNNVDid:CNNVD-202302-1719
Trust: 0.6
db:VULMONid:CVE-2023-25812
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-25812 // 
            
            
            
            JVNDB: JVNDB-2023-004685 // 
            
            
            
            NVD: CVE-2023-25812 // 
            
            
            
            CNNVD: CNNVD-202302-1719

REFERENCES
url:https://github.com/minio/minio/security/advisories/ghsa-c8fc-mjj8-fc63
Trust: 2.5
url:https://github.com/minio/minio/commit/a7188bc9d0f0a5ae05aaf1b8126bcd3cb3fdc485
Trust: 2.5
url:https://github.com/minio/minio/pull/16635
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-25812
Trust: 1.4
url:https://cxsecurity.com/cveshow/cve-2023-25812/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-25812 // 
            
            
            
            JVNDB: JVNDB-2023-004685 // 
            
            
            
            NVD: CVE-2023-25812 // 
            
            
            
            CNNVD: CNNVD-202302-1719

SOURCES
db:VULMONid:CVE-2023-25812
db:JVNDBid:JVNDB-2023-004685
db:NVDid:CVE-2023-25812
db:CNNVDid:CNNVD-202302-1719

LAST UPDATE DATE
2023-12-18T12:25:29.586000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-25812date:2023-02-22T00:00:00
db:JVNDBid:JVNDB-2023-004685date:2023-11-01T04:47:00
db:NVDid:CVE-2023-25812date:2023-11-07T04:09:12.860
db:CNNVDid:CNNVD-202302-1719date:2023-03-08T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-25812date:2023-02-21T00:00:00
db:JVNDBid:JVNDB-2023-004685date:2023-11-01T00:00:00
db:NVDid:CVE-2023-25812date:2023-02-21T21:15:11.507
db:CNNVDid:CNNVD-202302-1719date:2023-02-21T00:00:00