HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2023-28432

CVSS 7.5v3.1pub. 2023-03-22upd. 2025-10-24

Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Minio

    APP
    Minio
    2019-12-17t23-16-33z – 2023-03-20t20-16-18z (bez)

CISA KEV — detailsi

Vendori
MinIO
Producti
MinIO
Added to KEVi
April 21, 2023
Remediation deadline (US Federal)i
May 12, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 12 maja 2023
CWE
References

Related vulnerabilities

CVE-2026-33322CRITICAL9.2PL ✓ten sam produkt

MinIO: JWT algorithm confusion umożliwia obejście uwierzytelnienia OIDC

CVE-2026-33419CRITICAL9.1PL ✓ten sam produkt

MinIO AIStor: brute-force danych LDAP przez STS AssumeRoleWithLDAPIdentity

CVE-2020-11012CRITICAL9.3ten sam produkt

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API....

CVE-2023-28434HIGH8.8⚠ KEVten sam produkt

Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use cr...

CVE-2026-40344HIGH8.8ten sam produkt

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEA...