pkg:Go/github.com/minio/minio

All known vulnerabilities

• HIGH8.8CVE-2023-28434⚠ KEVMinIO is vulnerable to privilege escalation on Linux/MacOS
  from 0, < 0.0.0-202303200415
• HIGH8.8CVE-2024-24747MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
  from 0, < 0.0.0-20240131185645-0ae4915a9391
• HIGH8.8CVE-2024-24747MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
  from 0, < 0.0.0-20240131185645-0ae4915a9391
• HIGH8.8Minio Privilege Escalation on Windows via Path separator manipulation
  from 0, < 0.0.0-202303200735
• HIGH8.2MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
  >= 0.0.0-20230506025312-76913a9fd5c6, <= 0.0.0-20260212201848-7aac2a2c5b7c
• HIGH8.2MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
  >= 0.0.0-20230506025312-76913a9fd5c6, <= 0.0.0-20260212201848-7aac2a2c5b7c
• HIGH8.1MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
  from 0, < 0.0.0-20251015170045-c1a49490c78e
• HIGH8.1MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
  from 0, < 0.0.0-20251015170045-c1a49490c78e
• HIGH7.1MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
  >= 0.0.0-20240328174456-468a9fae83e9
• HIGH7.1MinIO is Vulnerable to SSE Metadata Injection via Replication Headers
  >= 0.0.0-20240328174456-468a9fae83e9, <= 0.0.0-20260212201848-7aac2a2c5b7c
• MEDIUM5.3Information disclosure in minio
  from 0, < 0.0.0-20240527191746-e0fe7cc39172
• MEDIUM5.3Information disclosure in minio
  from 0, < 0.0.0-20240527191746-e0fe7cc39172
• MEDIUM4.9MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
  >= 0.0.0-20220724015452, < 0.0.0-20260414213245
• —MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
  >= 0.0.0-20180815103019-7c14cdb60e53, <= 0.0.0-20251203081239-27742d469462
• —MinIO: LDAP login brute-force via user enumeration and missing rate limit
  from 0
• —MinIO: LDAP login brute-force via user enumeration and missing rate limit
  from 0, <= 0.0.0-20260212201848-7aac2a2c5b7c
• —MinIO: JWT Algorithm Confusion in OIDC Authentication
  from 0
• —MinIO: JWT Algorithm Confusion in OIDC Authentication
  from 0, <= 0.0.0-20260212201848-7aac2a2c5b7c
• —MinIO performs incomplete signature validation for unsigned-trailer uploads
  from 0, < 0.0.0-20250403145552-8c70975283f9
• —MinIO performs incomplete signature validation for unsigned-trailer uploads
  from 0, < 0.0.0-20250403145552-8c70975283f9
• —MinIO SFTP authentication bypass due to improperly trusted SSH key
  from 0
• —MinIO SFTP authentication bypass due to improperly trusted SSH key
  >= 0.0.0-20240605075113-91e1487de457, < 0.0.0-20250227184332-4c71f1b4ec0f
• —Privilege escalation in IAM import API in MinIO
  >= 0.0.0-20220623162515-580d9db85e04, < 0.0.0-20241213221912-68b004a48f41
• —Privilege escalation in IAM import API in MinIO
  >= 0.0.0-20220623162515-580d9db85e04, < 0.0.0-20241213221912-68b004a48f41