Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MinIO Information Disclosure (CVE-2023-28432)

Description

In a cluster deployment, MinIO discloses all environment variables. A successful attack of this vulnerability may result in takeover of the server.

Remediation

Upgrade to the latest version of MinIO

References

Information Disclosure in Cluster Deployment

Related Vulnerabilities

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

Tiki Wiki CMS: Remote Code Execution via Calendar Module

WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)

WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1)

Severity

High

Classification

CVE-2023-28432 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure