vulnerability

FreeBSD: VID-f4b15f7d-d33a-4cd0-a97b-709d6af0e43e (CVE-2021-41137): minio -- policy restriction issue

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Oct 23, 2021	Nov 4, 2022	Mar 25, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Oct 23, 2021

Added

Nov 4, 2022

Modified

Mar 25, 2026

Description

minio developers report: Looks like policy restriction was not working properly for normal users when they are not svc or STS accounts. svc accounts are now properly fixed to get right permissions when its inherited, so we do not have to set 'owner = true' sts accounts have always been using right permissions, do not need an explicit lookup regular users always have proper policy mapping

Solution

freebsd-upgrade-package-minio

References

CVE-2021-41137
https://attackerkb.com/topics/CVE-2021-41137
CWE-285
EUVD-EUVD-2021-28255
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-28255

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report