FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

minio -- privilege escalation via permissions inheritance

Affected packages
minio < 2024.01.31.20.20.33

Details

VuXML ID 144836e3-2358-11ef-996e-40b034455553
Discovery 2024-01-31
Entry 2024-06-05

Minio security advisory GHSA-xx8w-mq23-29g4 reports:

When someone creates an access key, it inherits the permissions of the parent key, not only for s3:* actions, but also admin:* actions. This means that unless the admin rights are denied somewhere above in the access-key hierarchy, access keys will be able to simply override their own s3 permissions to something more permissive.

References

CVE Name CVE-2024-24747
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24747