-
Notifications
You must be signed in to change notification settings - Fork 67
x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2023-28432 #1667
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Comments
Change https://go.dev/cl/478875 mentions this issue: |
Change https://go.dev/cl/479297 mentions this issue: |
Change https://go.dev/cl/592760 mentions this issue: |
CVE-2023-28432 references github.com/minio/minio, which may be a Go module.
Description:
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including
MINIO_SECRET_KEY
andMINIO_ROOT_PASSWORD
, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: