FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

MinIO -- unprivileged users can create service accounts for admin users

Affected packages
minio < 2022.04.12.06.55.35

Details

VuXML ID 8e20430d-a72b-11ed-a04f-40b034455553
Discovery 2022-04-11
Entry 2023-02-13

MinIO reports:

A security issue was found where an unprivileged user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials.

References

CVE Name CVE-2022-24842
URL https://github.com/minio/minio/security/advisories/GHSA-2j69-jjmg-534q