FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a4ff3673-d742-4b83-8c2b-3ddafe732034minio -- User privilege escalation

minio developers report:

AddUser() API endpoint was exposed to a legacy behavior. i.e it accepts a "policy" field

This API is mainly used to create a user or update a user's password.

However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining higher privileges.


Discovery 2021-12-27
Entry 2021-12-29
minio
< 2021.12.27.07.23.18

CVE-2021-43858
https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx
8e20430d-a72b-11ed-a04f-40b034455553MinIO -- unprivileged users can create service accounts for admin users

MinIO reports:

A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials.


Discovery 2022-04-11
Entry 2023-02-13
minio
< 2022.04.12.06.55.35

CVE-2022-24842
https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q