Goby/json/MinIO-Console-Information-D...

{
"Name": "MinIO Console Information Disclosure (CVE-2021-41266)",
"Description": "<p>MinIO is an open source object storage server from the US company MinIO. The product supports building infrastructure for machine learning, analytics, and application data workloads.</p><p>Minio 0.12.2 and earlier versions have an access control vulnerability. When an external IDP is enabled, affected versions are subject to an authentication bypass in the console. Attackers can exploit the vulnerability to obtain sensitive information with which to log in to the system.</p>",
"Product": "Minio Console",
"Homepage": "https://github.com/minio/console",
"DisclosureDate": "2021-12-01",
"Author": "1291904552@qq.com",
"FofaQuery": "title=\"MinIO-Console\"",
"GobyQuery": "title=\"MinIO-Console\"",
"Level": "2",
"Impact": "<p>Minio 0.12.2 and earlier versions have an access control vulnerability. When an external IDP is enabled, affected versions are subject to an authentication bypass in the console. Attackers can exploit the vulnerability to obtain sensitive information with which to log in to the system.</p>",
"Recommendation": "<p>The vendor has released a fix; apply the update promptly: <a href=\"https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36\">https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Minio Console 信息泄露漏洞CVE-2021-41266",
"VulType": ["信息泄露"],
"Tags": ["信息泄露"],
"Description": "<p>Minio MinIO是美国MinIOMinio公司的一款开源的对象存储服务器。该产品支持构建用于机器学习、分析和应用程序数据工作负载的基础架构。</p><p>Minio 0.12.2及其之前版本存在访问控制错误漏洞在启用外部IDP时受影响的版本会在控制台中遇到身份验证绕过问题。攻击者可利用漏洞获取敏感信息登录系统。</p>",
"Impact": "<p>Minio 0.12.2及其之前版本存在访问控制错误漏洞在启用外部IDP时受影响的版本会在控制台中遇到身份验证绕过问题。攻击者可利用漏洞获取敏感信息登录系统。</p>",
"Product": "Minio Console",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36\">https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "MinIO Console Information Disclosure (CVE-2021-41266)",
"VulType": ["Information Disclosure"],
"Tags": ["Information Disclosure"],
"Description": "<p>MinIO is an open source object storage server from the US company MinIO. The product supports building infrastructure for machine learning, analytics, and application data workloads.</p><p>Minio 0.12.2 and earlier versions have an access control vulnerability. When an external IDP is enabled, affected versions are subject to an authentication bypass in the console. Attackers can exploit the vulnerability to obtain sensitive information with which to log in to the system.</p>",
"Impact": "<p>Minio 0.12.2 and earlier versions have an access control vulnerability. When an external IDP is enabled, affected versions are subject to an authentication bypass in the console. Attackers can exploit the vulnerability to obtain sensitive information with which to log in to the system.</p>",
"Product": "Minio Console",
"Recommendation": "<p>The vendor has released a fix; apply the update promptly: <a href=\"https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36\">https://github.com/minio/console/security/advisories/GHSA-4999-659w-mq36</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202111-1271"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"Information Disclosure"
],
"VulType": [
"Information Disclosure"
],
"CVEIDs": [
"CVE-2021-41266"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202111-1271"
],
"CNVD": [
"CNVD-2021-88205"
]
}