MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Mon, 16 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 16 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately. | |
Title | Privilege escalation in IAM import API in MinIO | |
Weaknesses | CWE-269 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-16T20:02:00.856Z
Updated: 2024-12-16T20:18:46.452Z
Reserved: 2024-12-13T17:39:32.960Z
Link: CVE-2024-55949
Vulnrichment
Updated: 2024-12-16T20:18:38.950Z
NVD
Status : Received
Published: 2024-12-16T20:15:13.683
Modified: 2024-12-16T20:15:13.683
Link: CVE-2024-55949
Redhat