CVE-2023-28432 Scanner
Detects the 'Information Disclosure' vulnerability in MinIO, which affects versions >= RELEASE.2019-12-17T23-16-33Z and < RELEASE.2023-03-20T20-16-18Z.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
MinIO is a widely used multi-cloud object storage framework that allows users to store, manage, and access data across multiple cloud platforms. Organizations and individuals use it when they need efficient and reliable storage for their digital assets. MinIO offers features such as distributed object storage, data protection, and high availability, making it a popular choice for cloud storage solutions.
However, a critical vulnerability has been discovered in several versions of MinIO. Identified as CVE-2023-28432, the vulnerability relates to the disclosure of sensitive information due to MinIO returning all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`. This means that anyone with access to the environment variables can uncover crucial details about the stored data, potentially leading to sensitive information leaks and data breaches.
The consequences of this vulnerability can be severe and far-reaching. In the worst-case scenario, attackers can gain access to essential data, such as personally identifiable information, financial records, and intellectual property, leading to a significant loss of revenue, damage to reputation, and potential regulatory penalties. Thus, it is critical to take immediate action to eliminate the vulnerability and prevent further exploitation.
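To decide which deployments need that action, an asset owner can compare each installed release tag against the affected range stated at the top of this page. The following is an added example, not code from s4e.io or MinIO; the inventory hostnames and version strings are constructed, and the handling of suffixed tags (such as hotfix builds) as "review" is an assumption made here.

```python
import re
from datetime import datetime, timezone

# Affected range as stated on this page: >= FIRST_AFFECTED, < FIRST_FIXED.
FIRST_AFFECTED = "RELEASE.2019-12-17T23-16-33Z"
FIRST_FIXED = "RELEASE.2023-03-20T20-16-18Z"

# Release tags embed a UTC build timestamp. An optional dotted suffix after
# the "Z" (assumed here to mark hotfix-style builds) is captured separately.
TAG_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)((?:\.[\w-]+)*)")


def parse_release(text):
    """Return (timestamp, suffix) for the first release tag in text, or None."""
    m = TAG_RE.search(text)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%SZ")
    except ValueError:  # digits matched the pattern but are not a real date
        return None
    return ts.replace(tzinfo=timezone.utc), m.group(2)


def classify(text):
    """Return 'affected', 'not-affected', 'review' or 'unknown' for a version string."""
    parsed = parse_release(text)
    if parsed is None:
        return "unknown"  # no parsable tag: cannot be cleared automatically
    ts, suffix = parsed
    lo, _ = parse_release(FIRST_AFFECTED)
    hi, _ = parse_release(FIRST_FIXED)
    if not (lo <= ts < hi):
        return "not-affected"
    # A suffixed build inside the range may carry a backported fix that the
    # timestamp alone cannot show, so it is flagged for manual review.
    return "review" if suffix else "affected"


def audit(inventory):
    """Map each host to the classification of its reported version string."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory: hostnames and version strings are made up.
INVENTORY = {
    "store-a": "minio version RELEASE.2022-10-24T18-35-07Z",
    "store-b": "minio/minio:RELEASE.2023-03-20T20-16-18Z",
    "store-c": "minio/minio:RELEASE.2021-06-01T00-00-00Z.hotfix.abc123",
    "store-d": "minio/minio:latest",
}
```

Hosts reported as "unknown" (for example an image pinned to `latest`) need their actual release tag resolved before they can be cleared.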
It is essential to understand the significance of cybersecurity and take proactive steps to protect digital assets against vulnerabilities such as CVE-2023-28432. At s4e.io, we offer advanced cybersecurity solutions that can help users identify and eliminate vulnerabilities in their digital assets in a quick and efficient manner. By leveraging our pro features, organizations and individuals can ensure that they remain protected against security threats, ensuring the safety of their critical data.