pkg:Bitnami/minio

共 26 筆 CVEHIGH14MEDIUM4LOW1

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.8CVE-2023-28434⚠ KEVPrivilege Escalation on Linux/MacOS
    from 0, < 2023.03.20
  • HIGH7.5CVE-2023-28432⚠ KEVMinio Information Disclosure in Cluster Deployment
    >= 2019.12.17, < 2023.03.20
  • HIGH8.8CVE-2021-43858User privilege escalation in MinIO
    from 0, < 2021.12.27
  • HIGH8.8CVE-2022-24842Improper Privilege Management in MinIO
    >= 2021.12.09, < 2022.04.12
  • HIGH8.8CVE-2023-25812Allowed DELETE on resources on object locked buckets under Governance mode in Minio
    >= 2020.04.10, < 2023.02.17
  • HIGH8.8CVE-2024-24747Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio
    >= 2024.1.31, < 2024.2.4
  • HIGH8.8CVE-2023-28433Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
    from 0, < 2023.03.20
  • HIGH8.2CVE-2026-41145MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
    >= 2023.05.18
  • HIGH8.2CVE-2026-40344MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
    >= 2023.05.18
  • HIGH8.1CVE-2025-62506MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
    from 0, < 2025.10.15
  • HIGH7.7CVE-2021-21287Server-Side Request Forgery in MinIO Browser API
    from 0, < 2021.01.30
  • HIGH7.5CVE-2020-11012Authentication bypass MinIO Admin API
    from 0, < 2020.04.23
  • HIGH7.5CVE-2022-31028Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO
    >= 2019.09.25, < 2022.06.02
  • HIGH7.1CVE-2026-34204MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio
    >= 2024.03.30
  • MEDIUM6.5CVE-2021-21362Bypassing readOnly policy by creating a temporary 'mc share upload' URL
    from 0, < 2021.03.04
  • MEDIUM6.5CVE-2023-27589Minio vulnerable to denial of access by an admin privileged user for root credential
    >= 2020.12.23, < 2023.03.13
  • MEDIUM5.9CVE-2021-21390MITM modification of request bodies in MinIO
    from 0, < 2021.03.17
  • MEDIUM5.3CVE-2024-36107MinIO information disclosure vulnerability in github.com/minio/minio
    from 0, < 2024.5.27
  • LOW2.7CVE-2022-35919Authenticated requests for server update admin API allows path traversal in minio
    from 0, < 2022.07.29
  • CVE-2026-42600MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
    >= 2022.07.24
  • CVE-2026-39414MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
    >= 2018.08.18, < 2026.04.10
  • CVE-2026-33419MinIO LDAP login brute-force via user enumeration and missing rate limit
    from 0, < 2026.03.17
  • CVE-2026-33322MinIO has JWT Algorithm Confusion in OIDC Authentication
    >= 2022.11.08, < 2026.03.17
  • CVE-2025-31489MinIO performs incomplete signature validation for unsigned-trailer uploads
    from 0, < 2023.12.23
  • CVE-2025-27414MinIO SFTP authentication bypass due to improperly trusted SSH key
    >= 2024.6.6, < 2025.2.28
  • CVE-2024-55949MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio
    >= 2022.6.23, < 2024.12.13