CVE-2020-11012

CVE-2020-11012

Name

CVE-2020-11012

Description

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923
Third Party Advisory	https://github.com/minio/minio/pull/9422
Patch	https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w
Third Party Advisory	https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z

Type

URI

Patch

https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923

Third Party Advisory

https://github.com/minio/minio/pull/9422

Patch

https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w

Third Party Advisory

https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:minio:minio::::::::`	minio	>= None	< 2020-04-23t00-58-49z

CPE URI

Source package

Min version

Max version

cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*

minio

>= None

< 2020-04-23t00-58-49z

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
minio	3.17-community	0.20221029.062133-r5	Drew DeVault <sir@cmpwn.com>	fixed
minio	3.18-community	0.20230920.224955-r2	Celeste <cielesti@protonmail.com>	fixed
minio	3.19-community	0.20240131.202033-r3	Celeste <cielesti@protonmail.com>	fixed
minio	3.20-community	0.20240527.191746-r2	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20241107.005220-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20241213.221912-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20241218.131544-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250118.003137-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250120.144907-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250203.210304-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250207.232109-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250207.232109-r1	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250218.162555-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250228.095516-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250312.180418-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250312.180418-r1	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250403.145628-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250408.154124-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250422.221226-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250422.221226-r1	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250524.170830-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250613.113347-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250613.113347-r1	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250718.215631-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250723.155402-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250723.155402-r1	Celeste <cielesti@protonmail.com>	fixed
minio	3.22-community	0.20241107.005220-r5	Celeste <cielesti@protonmail.com>	fixed
minio	3.22-community	0.20250524.170830-r1	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250723.155402-r2	Celeste <cielesti@protonmail.com>	fixed
minio	3.22-community	0.20250524.170830-r2	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250906.173846-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250907.161309-r0	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20250907.161309-r1	Celeste <cielesti@protonmail.com>	fixed
minio	3.22-community	0.20250524.170830-r3	Celeste <cielesti@protonmail.com>	fixed
minio	edge-community	0.20251015.172955-r0	Celeste <cielesti@protonmail.com>	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages