pkg:Bitnami/minio

All known vulnerabilities

• HIGH8.8CVE-2023-28434⚠ KEVMinIO is vulnerable to privilege escalation on Linux/MacOS
  from 0, < 2023.03.20
• HIGH7.5CVE-2023-28432⚠ KEVMinio Information Disclosure in Cluster Deployment
  >= 2019.12.17, < 2023.03.20
• HIGH8.8User privilege escalation in MinIO
  from 0, < 2021.12.27
• HIGH8.8Improper Privilege Management in MinIO
  >= 2021.12.09, < 2022.04.12
• HIGH8.8Allowed DELETE on resources on object locked buckets under Governance mode in Minio
  >= 2020.04.10, < 2023.02.17
• HIGH8.8MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
  >= 2024.1.31, < 2024.2.4
• HIGH8.8Minio Privilege Escalation on Windows via Path separator manipulation
  from 0, < 2023.03.20
• HIGH8.2MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
  >= 2023.05.18
• HIGH8.2MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
  >= 2023.05.18
• HIGH8.1MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
  from 0, < 2025.10.15
• HIGH7.7Server-Side Request Forgery in MinIO Browser API
  from 0, < 2021.01.30
• HIGH7.5Authentication bypass MinIO Admin API
  from 0, < 2020.04.23
• HIGH7.5Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO
  >= 2019.09.25, < 2022.06.02
• HIGH7.1MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
  >= 2024.03.30
• MEDIUM6.5Bypassing readOnly policy by creating a temporary 'mc share upload' URL
  from 0, < 2021.03.04
• MEDIUM6.5Minio vulnerable to denial of access by an admin privileged user for root credential
  >= 2020.12.23, < 2023.03.13
• MEDIUM5.9MITM modification of request bodies in MinIO
  from 0, < 2021.03.17
• MEDIUM5.3Information disclosure in minio
  from 0, < 2024.5.27
• MEDIUM4.9MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
  >= 2022.07.24
• LOW2.7Authenticated requests for server update admin API allows path traversal in minio
  from 0, < 2022.07.29
• —MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
  >= 2018.08.18, < 2026.04.10
• —MinIO: LDAP login brute-force via user enumeration and missing rate limit
  from 0, < 2026.03.17
• —MinIO: JWT Algorithm Confusion in OIDC Authentication
  >= 2022.11.08, < 2026.03.17
• —MinIO performs incomplete signature validation for unsigned-trailer uploads
  from 0, < 2023.12.23
• —MinIO SFTP authentication bypass due to improperly trusted SSH key
  >= 2024.6.6, < 2025.2.28
• —Privilege escalation in IAM import API in MinIO
  >= 2022.6.23, < 2024.12.13