Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2023-28432
PUBLISHEDMinio Information Disclosure in Cluster Deployment
- Vendor
- minio
- Product
- minio
- Published
- Mar 22, 2023
- EPSS
- —
Description
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation status
Exploited in the wild
Recorded 2023-04-21 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- partial
References
- https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
- https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z
- https://twitter.com/Andrew___Morris/status/1639325397241278464
- https://viz.greynoise.io/tag/minio-information-disclosure-attempt
- https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 21, 2023 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-28432.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-10-20 10:20:10 UTC · 3 stars
github · Created 2023-09-05 14:01:53 UTC · 3 stars
Automated vulnerability scanner for CVE-2023-28432 in Minio deployments, revealing sensitive environment variables.
github · Created 2023-03-29 01:26:30 UTC · 10 stars
CVE-2023-28432 MinIO敏感信息泄露检测脚本
github · Created 2023-03-23 16:27:47 UTC · 10 stars
MiniO verify interface sensitive information disclosure vulnerability (CVE-2023-28432)
github · Created 2023-03-23 14:44:24 UTC · 33 stars
CVE-2023-28434 nuclei templates
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei