vulnerability

FreeBSD: VID-144836e3-2358-11ef-996e-40b034455553 (CVE-2024-24747): minio -- privilege escalation via permissions inheritance

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jun 5, 2024	Sep 9, 2024	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 5, 2024

Added

Sep 9, 2024

Modified

Dec 10, 2025

Description

Minio security advisory GHSA-xx8w-mq23-29g4 ports: When someone creates an access key, it inherits the permissions of the parent key. Not only for s3:* actions, but also admin:* actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able to simply override their own s3 permissions to something more permissive.

Solution

freebsd-upgrade-package-minio

References

CVE-2024-24747
https://attackerkb.com/topics/CVE-2024-24747
CWE-269

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today