FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
b073677f-253a-41f9-bf2b-2d16072a25f6 | minio -- MITM attack
minio developer report:
This is a security issue because it enables MITM modification of
request bodies that are meant to have integrity guaranteed by chunk
signatures.
In a PUT request using aws-chunked encoding, MinIO ordinarily
verifies signatures at the end of a chunk. This check can be skipped
if the client sends a false chunk size that is much greater than the
actual data sent: the server accepts and completes the request
without ever reaching the end of the chunk + thereby without ever
checking the chunk signature.
Discovery 2021-03-17 Entry 2021-03-17 minio
< 2021.03.17.02.33.02
https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp
|
a4ff3673-d742-4b83-8c2b-3ddafe732034 | minio -- User privilege escalation
minio developers report:
AddUser() API endpoint was exposed to a legacy behavior. i.e it accepts a "policy" field
This API is mainly used to create a user or update a user's password.
However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining higher privileges.
Discovery 2021-12-27 Entry 2021-12-29 minio
< 2021.12.27.07.23.18
CVE-2021-43858
https://github.com/minio/minio/security/advisories/GHSA-j6jc-jqqc-p6cx
|
f4b15f7d-d33a-4cd0-a97b-709d6af0e43e | minio -- policy restriction issue
minio developers report:
Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts.
- svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true'
- sts accounts have always been using right permissions, do not need an explicit lookup
- regular users always have proper policy mapping
Discovery 2021-10-12 Entry 2021-10-23 minio
< 2021.10.23.03.28.24
CVE-2021-41137
https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c
|