Description

In a cluster deployment, MinIO discloses all environment variables. A successful attack of this vulnerability may result in takeover of the server.

Remediation

Upgrade to the latest version of MinIO

References

Information Disclosure in Cluster Deployment

Related Vulnerabilities

Unrestricted access to NGINX+ Dashboard

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)

WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)

Grails database console

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

Severity

High

Classification

CVE-2023-28432 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure