FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

minio -- policy restriction issue

Affected packages
		minio	<	2021.10.23.03.28.24

Details

VuXML ID	f4b15f7d-d33a-4cd0-a97b-709d6af0e43e
Discovery	2021-10-12
Entry	2021-10-23

minio developers report:

Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts.

svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true'

sts accounts have always been using right permissions, do not need an explicit lookup

regular users always have proper policy mapping

[source]

References

CVE Name	CVE-2021-41137
URL	https://github.com/minio/minio/security/advisories/GHSA-v64v-g97p-577c