CVE-2023-28432
Minio Information Disclosure in Cluster Deployment
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 15, 2023
- Published Date
- March 22, 2023
- Last Updated
- January 28, 2025
- Vendor
- minio
- Product
- minio
- Description
- Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-04-21 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-28432.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
C1ph3rX13/CVE-2023-28432
Type: github • Created: 2023-12-07 03:33:37 UTC • Stars: 1
yTxZx/CVE-2023-28432
Type: github • Created: 2023-10-20 10:20:10 UTC • Stars: 3
Chocapikk/CVE-2023-28432
Type: github • Created: 2023-09-05 14:01:53 UTC • Stars: 3
Cuerz/CVE-2023-28432
Type: github • Created: 2023-03-29 01:26:30 UTC • Stars: 10
acheiii/CVE-2023-28432
Type: github • Created: 2023-03-24 08:27:32 UTC • Stars: 10
MzzdToT/CVE-2023-28432
Type: github • Created: 2023-03-24 08:13:34 UTC • Stars: 34
gobysec/CVE-2023-28432
Type: github • Created: 2023-03-23 16:27:47 UTC • Stars: 10
Mr-xn/CVE-2023-28432
Type: github • Created: 2023-03-23 14:44:24 UTC • Stars: 33