Source |
CVE List |
Identifier |
3510255 |
Publication date |
2021-10-13 14:15:07 (seen: 2021-10-13 17:05:46) |
Title |
CVE-2021-41137 |
Text |
Minio is a Kubernetes native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in `RELEASE.2021-10-13T00-23-17Z`. A downgrade back to release `RELEASE.2021-10-08T23-58-24Z` is available as a workaround. |
Notes |
|
Sent |
Yes |
Tags |
Vulnerability
|
Stories |
Uber
|