FreeBSD: VID-B073677F-253A-41F9-BF2B-2D16072A25F6: minio -- MITM attack

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: Mar 17, 2021
Added: Mar 18, 2021
Modified: Feb 19, 2025

Description

minio developer report:

This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures.

In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature.
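
The check the report describes, sketched as a chunk reader that treats a body ending before the declared chunk size as an error and releases data only after the signature verifies. This is an added example, not MinIO's code: the names sign and readChunk, the demo key, and the simplified signature (an HMAC-SHA256 over the chunk data alone, rather than the real chained chunk signature) are assumptions.

```go
package main

import (
	"bufio"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strconv"
	"strings"
)

var errBadSig = errors.New("chunk signature mismatch")

// sign is a simplified stand-in for the real chunk signature (assumption).
func sign(key, data []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return hex.EncodeToString(m.Sum(nil))
}

// readChunk parses "<hex size>;chunk-signature=<sig>\r\n<data>\r\n" and verifies it.
func readChunk(r *bufio.Reader, key []byte) ([]byte, error) {
	hdr, err := r.ReadString('\n')
	if err != nil {
		return nil, io.ErrUnexpectedEOF
	}
	p := strings.SplitN(strings.TrimRight(hdr, "\r\n"), ";chunk-signature=", 2)
	n, err := strconv.ParseUint(p[0], 16, 32)
	if len(p) != 2 || err != nil || n > 1<<20 { // cap what one chunk may buffer
		return nil, errors.New("malformed chunk header")
	}
	buf := make([]byte, n+2) // declared data plus the trailing CRLF
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, io.ErrUnexpectedEOF // body ended before the declared size: reject
	}
	if string(buf[n:]) != "\r\n" || !hmac.Equal([]byte(p[1]), []byte(sign(key, buf[:n]))) {
		return nil, errBadSig
	}
	return buf[:n], nil // released only after the signature check has run
}

func main() {
	key, data := []byte("constructed-demo-key"), []byte("hello")
	in := fmt.Sprintf("5;chunk-signature=%s\r\n%s\r\n", sign(key, data), data)
	fmt.Println(readChunk(bufio.NewReader(strings.NewReader(in)), key))
}
```

A caller must fail the whole request on any error from readChunk; treating io.ErrUnexpectedEOF as a normal end of body recreates the skipped check.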





Solution

freebsd-upgrade-package-minio
