Source |
CVE Liste |
Identifier |
3894436 |
Publication date |
2021-12-27 22:15:07 (seen: 2021-12-28 00:06:29) |
Title |
CVE-2021-43858 |
Text |
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users. |
Sent |
Yes |
Tags |
|
Stories |
Uber
|