FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8e20430d-a72b-11ed-a04f-40b034455553MinIO -- unprivileged users can create service accounts for admin users

MinIO reports:

A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials.


Discovery 2022-04-11
Entry 2023-02-13
minio
< 2022.04.12.06.55.35

CVE-2022-24842
https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q
a4ff3673-d742-4b83-8c2b-3ddafe732034minio -- User privilege escalation

minio developers report:

AddUser() API endpoint was exposed to a legacy behavior. i.e it accepts a "policy" field

This API is mainly used to create a user or update a user's password.

However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining higher privileges.


Discovery 2021-12-27
Entry 2021-12-29
minio
< 2021.12.27.07.23.18

CVE-2021-43858
https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx
f4b15f7d-d33a-4cd0-a97b-709d6af0e43eminio -- policy restriction issue

minio developers report:

Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts.

  • svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true'
  • sts accounts have always been using right permissions, do not need an explicit lookup
  • regular users always have proper policy mapping

Discovery 2021-10-12
Entry 2021-10-23
minio
< 2021.10.23.03.28.24

CVE-2021-41137
https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c