minio

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Object storage server compatible with Amazon S3
Version	2024.11.07-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2467	2021.09.03-1		High	Not affected
AVG-1715	2021.03.04-1	2021.03.17-1	Medium	Fixed
AVG-1664	2021.02.19-1	2021.03.04-1	Medium	Fixed
AVG-1520	2020.12.26-1	2021.01.30-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41137	AVG-2467	High	Yes	Access restriction bypass	All users on MinIO release RELEASE.2021-10-10T16-53-30Z are affected by a vulnerability that involves bypassing policy restrictions on regular users....
CVE-2021-21390	AVG-1715	Medium	Yes	Man-in-the-middle	In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables man-in-the-middle (MITM) modification of request bodies that...
CVE-2021-21362	AVG-1664	Medium	Yes	Access restriction bypass	In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone...
CVE-2021-21287	AVG-1520	Medium	Yes	Directory traversal	In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for...

Advisories

Date	Advisory	Group	Severity	Type
13 Mar 2021	ASA-202103-5	AVG-1664	Medium	access restriction bypass
06 Feb 2021	ASA-202102-10	AVG-1520	Medium	directory traversal