One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8318627 |
| Date de publication | 2023-03-14 19:15:10 (vue: 2023-03-14 21:08:17) |
| Titre | CVE-2023-27589 |
| Texte | Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`. |
| Notes | |
| Envoyé | Oui |
| Condensat | 12z 13t19 17z 2020 2023 23t02 27589 `accesskey` `consoleadmin` `mc adding admin appropriately are around can ceases cloud create created credential cve disabled framework higher issue matches minio multi object once patched permissions policy potentially prior privileges release root set` starting storage successfully user ways work |
| Tags | Guideline |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.