minio

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Object storage server compatible with Amazon S3
Version 2021.03.17-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1715 2021.03.04-1 2021.03.17-1 Medium Fixed
AVG-1664 2021.02.19-1 2021.03.04-1 Medium Fixed
AVG-1520 2020.12.26-1 2021.01.30-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-21390 AVG-1715 Medium Yes Man-in-the-middle
In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables man-in-the-middle (MITM) modification of request bodies that...
CVE-2021-21362 AVG-1664 Medium Yes Access restriction bypass
In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone...
CVE-2021-21287 AVG-1520 Medium Yes Directory traversal
In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for...

Advisories

Date Advisory Group Severity Type
13 Mar 2021 ASA-202103-5 AVG-1664 Medium access restriction bypass
06 Feb 2021 ASA-202102-10 AVG-1520 Medium directory traversal