CVE-2021-41137 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Access restriction bypass
Description	All users on MinIO release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in RELEASE.2021-10-13T00-23-17Z.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2467	minio	2021.09.03-1		High	Not affected

References
https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c https://github.com/minio/minio/pull/13388 https://github.com/minio/minio/pull/13422 https://github.com/minio/minio/commit/415bbc74aacd53a120e54a663e941b1809982dbd

References

https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c
https://github.com/minio/minio/pull/13388
https://github.com/minio/minio/pull/13422
https://github.com/minio/minio/commit/415bbc74aacd53a120e54a663e941b1809982dbd