vulnerability

FreeBSD: VID-f4b15f7d-d33a-4cd0-a97b-709d6af0e43e (CVE-2021-41137): minio -- policy restriction issue

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Oct 23, 2021	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Oct 23, 2021

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true' sts accounts have always been using right permissions, do not need an explicit lookup regular users always have proper policy mapping

Solution

freebsd-upgrade-package-minio

References

CVE-2021-41137
https://attackerkb.com/topics/CVE-2021-41137
CWE-285

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today