WEB APPLICATION VULNERABILITIES Standard & Premium

MinIO Information Disclosure (CVE-2023-28432)

Description

In a cluster deployment, MinIO discloses all environment variables. A successful attack of this vulnerability may result in takeover of the server.

Remediation

Upgrade to the latest version of MinIO

References

Information Disclosure in Cluster Deployment

Related Vulnerabilities

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)

RethinkDB administrative interface publicly exposed

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.11)

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

Severity

High

Classification

CVE-2023-28432 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure