vulnerability
FreeBSD: VID-B073677F-253A-41F9-BF2B-2D16072A25F6: minio -- MITM attack
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Mar 17, 2021 | Mar 18, 2021 | Feb 19, 2025 |
Description
The MinIO developers report:
This is a security issue because it enables MITM modification of
request bodies that are meant to have integrity guaranteed by chunk
signatures.
In a PUT request using aws-chunked encoding, MinIO ordinarily
verifies signatures at the end of a chunk. This check can be skipped
if the client sends a false chunk size that is much greater than the
actual data sent: the server accepts and completes the request
without ever reaching the end of the chunk + thereby without ever
checking the chunk signature.
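
A simplified Go model of the behaviour described above, added here as an illustration and not MinIO's code: `readBody`, `sign`, the demo key and the sample bodies are constructed, and the signature is a plain HMAC rather than the real SigV4 chunk chain. With `strict` set, a stream that ends before the declared chunk size fails the request instead of being accepted unverified.

```go
package main

import (
	"bufio"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"io"
	"strings"
)

func sign(data string) string {
	m := hmac.New(sha256.New, []byte("constructed-demo-key")) // simplified: no SigV4 chaining
	m.Write([]byte(data))
	return fmt.Sprintf("%x", m.Sum(nil))
}

// readBody parses "<hex size>;chunk-signature=<sig>\r\n<data>\r\n" chunks and verifies
// each at its end. strict=false models the flaw: a stream ending mid-chunk is accepted.
func readBody(body string, strict bool) (string, error) {
	r, out := bufio.NewReader(strings.NewReader(body)), ""
	for {
		size, sig := 0, ""
		line, _ := r.ReadString('\n')
		if _, err := fmt.Sscanf(line, "%x;chunk-signature=%s", &size, &sig); err != nil || size < 0 || size > 1<<20 {
			return "", fmt.Errorf("bad chunk header %q", line)
		}
		data := make([]byte, size)
		if n, err := io.ReadFull(r, data); err != nil { // stream ended before the chunk did
			if strict {
				return "", io.ErrUnexpectedEOF // hardened: a truncated chunk fails the request
			}
			return out + string(data[:n]), nil // flawed: the signature check is never reached
		}
		if !hmac.Equal([]byte(sign(string(data))), []byte(sig)) {
			return "", fmt.Errorf("chunk signature mismatch")
		}
		if size == 0 {
			return out, nil // final zero-length chunk
		}
		out += string(data)
		r.Discard(2) // CRLF after the chunk data
	}
}

func main() {
	forged := "1000;chunk-signature=00\r\nevil" // constructed: declares 4096 bytes, sends 4
	fmt.Println(readBody(forged, false))        // body accepted with no signature check
	fmt.Println(readBody(forged, true))         // rejected: unexpected EOF
}
```

A bogus signature on a chunk whose declared size matches the data is rejected in both modes; only the oversized declaration escapes the check when truncation is not treated as an error.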
Solution
freebsd-upgrade-package-minio