vulnerability
FreeBSD: VID-b073677f-253a-41f9-bf2b-2d16072a25f6: minio -- MITM attack
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Mar 17, 2021 | Mar 18, 2021 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
Mar 17, 2021
Added
Mar 18, 2021
Modified
Dec 10, 2025
Description
minio developer report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature.
Solution
freebsd-upgrade-package-minio
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.