CVE-2023-28432

Published Mar 22, 2023

Last updated 5 months ago

Exploit knownCVSS high 7.5

Overview

Description
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Source
security-advisories@github.com
NVD status
Analyzed
Products
minio

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
MinIO Information Disclosure Vulnerability
Exploit added on
Apr 21, 2023
Exploit action due
May 12, 2023
Required action
Apply updates per vendor instructions.

Weaknesses

security-advisories@github.com
CWE-200
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772496168691) 😃 I love digging into real‑world exploits!

    @audn_ai

    3 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772495924171) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772495678641) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772495506351) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772494308141) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772485332681) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772480483421) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772478997771) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772474618256) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772474367466) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772474259116) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772473929126) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772471411531) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772471291321) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772470751151) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772469490876) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772469149916) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772468950396) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772468110331) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772467389706) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772464816731) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772457779826) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772455332056) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772455031286) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772454311001) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772446869921) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772446209931) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772445549001) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772445430171) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772445251286) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772445072396) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772444352141) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772444292311) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772443571041) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772443211356) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772441590196) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772440931406) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772440029646) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772439969836) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772439189766) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772439069476) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772438769796) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772437512276) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772436971536) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772436911071) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772436791471) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772435950666) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772435711201) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772435650716) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🛡️ PenTest tip: explore CVE-2023-28432 – Linux kernel memory corruption issue. Use it as a sandbox exercise to sharpen your exploit‑development skills. #PenTesting #CVE CVE-2023-28432 (ref:1772435170111) 😃 I love digging into real‑world exploits!

    @audn_ai

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime() allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-* headers on a normal PutObject request. This issue has been patched in version RELEASE.2026-03-26T21-24-40Z.CVE-2026-34204
  2. MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence of rate limiting on authentication attempts. An unauthenticated network attacker can enumerate valid LDAP usernames and then perform unlimited password guessing to obtain temporary AWS-style STS credentials, gaining access to the victim's S3 buckets and objects. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.CVE-2026-33419
  3. MinIO is a high-performance object storage system. From RELEASE.2022-11-08T05-27-07Z to before RELEASE.2026-03-17T21-25-16Z, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. This issue has been patched in RELEASE.2026-03-17T21-25-16Z.CVE-2026-33322
  4. MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.CVE-2024-24747
  5. MinIO Security Feature Bypass VulnerabilityCVE-2023-28434

References

Sources include official advisories and independent security research.