CVE-2021-21287 Scanner
Detects a Server-Side Request Forgery (SSRF) vulnerability in MinIO that affects versions earlier than RELEASE.2021-01-30T00-20-58Z.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 768 sec
Scan only one: Domain, IPv4
Toolbox: -
MinIO is a high-performance object storage software that allows users to store large amounts of unstructured data. Released under the Apache License v2.0, it is designed to operate in production environments and is compatible with a wide variety of platforms, programming languages, and applications. MinIO provides a highly scalable and distributed system that can accommodate billions of files and petabytes of data across multiple nodes in a single cluster.
However, MinIO is affected by CVE-2021-21287, a server-side request forgery (SSRF) vulnerability that can be exploited through the software's URL-import and -export functionalities. By tampering with these functions, attackers can modify URLs and manipulate how they are built, allowing them to access internal resources on the server and compromise its security.
When exploited, this vulnerability can lead to a wide range of malicious attacks. Attackers can gain access to confidential information such as AWS metadata, connect to internal HTTP-enabled databases, and perform POST requests towards internal services that are not intended to be exposed. This ultimately leads to sensitive data being compromised, and businesses risk losing their reputation, trust, and customer base.
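For asset owners triaging an inventory against the affected range given at the top of this page, the following is an added example (not the scanner's own code) that classifies reported MinIO version strings by the build timestamp in the release tag. The host names and sample version strings are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# First fixed release, as stated on this page.
FIXED_TAG = "RELEASE.2021-01-30T00-20-58Z"

# MinIO release tags embed a UTC build timestamp: RELEASE.YYYY-MM-DDTHH-MM-SSZ
_TAG_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})Z")


def release_time(text):
    """Return the UTC build time of the first release tag in text, or None."""
    m = _TAG_RE.search(text)
    if not m:
        return None
    try:
        parsed = datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%S")
    except ValueError:  # digits matched but not a real date, e.g. month 13
        return None
    return parsed.replace(tzinfo=timezone.utc)


FIXED_TIME = release_time(FIXED_TAG)


def classify(version_string):
    """Return 'affected', 'fixed' or 'unknown' for one reported version."""
    t = release_time(version_string)
    if t is None:
        return "unknown"  # never treat an unparseable version as safe
    # Timestamp comparison only: a hotfix build cut from an older release
    # is reported as affected and needs manual review.
    return "affected" if t < FIXED_TIME else "fixed"


def triage(inventory):
    """Map host -> status for a {host: version_string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}


# Constructed sample inventory (hypothetical hosts, illustrative versions).
SAMPLE = {
    "storage-01": "minio version RELEASE.2021-01-16T02-19-44Z",
    "storage-02": "minio/minio:RELEASE.2021-01-30T00-20-58Z",
    "storage-03": "RELEASE.2021-02-14T04-01-33Z.hotfix.1",
    "storage-04": "latest",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as unknown, such as those running a floating `latest` image tag, need their actual build identified before they can be cleared.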
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. By using this platform, businesses can identify security risks and take action to protect their data and infrastructure. Trusting the security of your digital assets to s4e.io ensures that your organization's needs are met with the latest cybersecurity technology and innovations.