CVE-2023-28432
Published 2023-03-22 · Priority P188 (high) · CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Tags: KEV · ITW · EXPLOIT · Initial access
CISA Known Exploited Vulnerability, remediation due 2023-05-12
Exploited in the wild
EPSS: 83.96% (99.7th percentile)
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`
and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | minio_minio | 0 – 0.0.0-20260212201848-7aac2a2c5b7c | — |
| minio | minio | — | — |
| minio | minio | >= 2019-12-17t23-16-33z < 2023-03-20t20-16-18z | 2023-03-20t20-16-18z |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring for HTTP POST requests to the /minio/bootstrap/v1/verify endpoint, which triggers information disclosure of all MINIO_ environment variables including credentials.
- Alert on responses from MinIO that contain the strings MINIO_SECRET_KEY or MINIO_ROOT_PASSWORD, which indicate successful exploitation of CVE-2023-28432.
- Use KQL rules to search logs for suspicious network activity matching POST requests to the /minio/bootstrap/v1/verify endpoint.
- Use YARA rules searching for specific byte sequences or network traffic characteristics associated with the MinIO CVE-2023-28432 exploit.
- Vulnerable MinIO versions range from RELEASE.2019-12-17T23-16-33Z through RELEASE.2023-03-13T19-46-17Z (before RELEASE.2023-03-20T20-16-18Z); flag any MinIO instance in this range exposed on the network.
- This vulnerability is being actively exploited in the wild; treat any internet-exposed MinIO instance on port 9000 as a high-priority target for scanning and patching.
- The vulnerability only affects MinIO in cluster/distributed deployment mode; standalone single-node instances are not exploitable via this endpoint.
- All environment variables prefixed with MINIO_ are returned by the vulnerable endpoint, meaning any secret stored as a MINIO_ env var (not just MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD) is exposed.
- The affected version range is RELEASE.2019-12-17T23-16-33Z up to (but not including) RELEASE.2023-03-20T20-16-18Z; the fix is included in RELEASE.2023-03-20T20-16-18Z.
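The three detection points above (the request path, the leaked variable names in the response, and the affected release range) as one added Python example; this is not code from any of the sources quoted on this page. The combined-style access-log format, the `MinioEnv` JSON shape and all sample lines are constructed assumptions.

```python
import json
import re
from datetime import datetime

VERIFY_PATH = "/minio/bootstrap/v1/verify"
LEAK_MARKERS = ("MINIO_SECRET_KEY", "MINIO_ROOT_PASSWORD")  # names the Suricata rule keys on
FIRST_VULNERABLE = "RELEASE.2019-12-17T23-16-33Z"
FIXED = "RELEASE.2023-03-20T20-16-18Z"
_RELEASE_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2})Z")
_LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '  # combined-style log (assumed)
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
def release_time(tag):
    """Parse the timestamp embedded in a MinIO RELEASE tag."""
    m = _RELEASE_RE.search(tag)
    if not m:
        raise ValueError(f"not a MinIO release tag: {tag}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%S")

def is_vulnerable_release(tag):
    """True when FIRST_VULNERABLE <= tag < FIXED; the fix release itself is clean."""
    return release_time(FIRST_VULNERABLE) <= release_time(tag) < release_time(FIXED)

def flag_verify_requests(lines):
    """Every POST to the verify endpoint, any status: 200 means the leak happened,
    anything else is still a probe worth recording."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == VERIFY_PATH:
            hits.append({"src": m["src"], "ts": m["ts"], "status": int(m["status"])})
    return hits

def leaked_env_names(body):
    """MINIO_* keys anywhere in a JSON body (every MINIO_-prefixed variable leaks, not
    just the two credentials); non-JSON bodies get the Suricata-style substring check."""
    try:
        doc = json.loads(body)
    except ValueError:
        return [k for k in LEAK_MARKERS if f'"{k}"' in body]
    found, stack = [], [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            found += [k for k in node if isinstance(k, str) and k.startswith("MINIO_")]
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
    return sorted(found)

# Constructed samples: documentation-range IPs, placeholder secrets, assumed JSON shape.
SAMPLE_ACCESS_LOG = [
    '198.51.100.7 - - [22/Mar/2023:10:01:02 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 812',
    '203.0.113.9 - - [22/Mar/2023:10:01:05 +0000] "GET /minio/health/live HTTP/1.1" 200 0',
    '198.51.100.7 - - [22/Mar/2023:10:01:09 +0000] "POST /minio/bootstrap/v1/verify?x=1 HTTP/1.1" 403 0',
]
SAMPLE_BODY = '{"MinioEnv":{"MINIO_ROOT_USER":"minioadmin","MINIO_ROOT_PASSWORD":"<redacted>","MINIO_SECRET_KEY":"<redacted>"}}'
```

Both verify POSTs are flagged regardless of status so that blocked probes are still visible; only a 200 body with `MINIO_` keys confirms disclosure.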
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ghsa | 7.5 | HIGH | — |
| osv | 7.5 | HIGH | — |
| vulncheck | 7.5 | HIGH | — |
| cisa | 7.5 | HIGH | — |
GHSA
MinIO has JWT Algorithm Confusion in OIDC Authentication
ghsa · 2026-03-19 · CVSS 7.5 · CVE-2026-33322 [HIGH] · CWE-287
### Impact
_What kind of vulnerability is it? Who is impacted?_
A JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC `ClientSecret` to forge arbitrary identity tokens and obtain S3 credentials with any policy, including `consoleAdmin`.
An attacker with knowledge of the OIDC `ClientSecret` can:
- Impersonate any user identity
- Obtain S3 credentials with any IAM policy, including `consoleAdmin`
- Access, modify, or delete any data in the MinIO deployment
The attack is deterministic (100% success rate, no race conditions).
#### Attack Prerequisites
The attacker must know the OIDC `ClientSecret`. While this is a shared credential (not a private key), it is more acc
OSV
CVE-2023-28432: Minio is a Multi-Cloud Object Storage framework
osv · 2023-03-22 · CVSS 7.5 · CVE-2023-28432 [HIGH]
VulnCheck
MinIO Information Disclosure Vulnerability
vulncheck · 2023 · CVSS 7.5 · CVE-2023-28432 [HIGH] · CWE-200
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
Affected: MinIO MinIO
Required Action: Apply updates per vendor instructions.
Exploitation References:
- https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-15&host_type=src&vulnerability=cve-2023-28432
- https://dashboard.shadowserver.org/statistics/hon
CISA
MinIO Information Disclosure Vulnerability
cisa · 2023-04-21 · CVSS 7.5 · CVE-2023-28432 [HIGH] · CWE-200
Vulnerability: MinIO Information Disclosure Vulnerability
Affected: MinIO MinIO
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
Required Action: Apply updates per vendor instructions.
Notes:
- https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
- https://nvd.nist.gov/vuln/detail/CVE-2023-28432
Remediation Due Date: 2023-05-12
Suricata
ET WEB_SPECIFIC_APPS MinIO Information Disclosure Attempt (CVE-2023-28432)
suricata · 2023-09-05 · CVSS 7.5 · CVE-2023-28432 [HIGH]
Rule (request side: POST to the bootstrap verify endpoint):
```
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS MinIO Information Disclosure Attempt (CVE-2023-28432)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/minio/bootstrap/v1/verify"; fast_pattern; reference:url,www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services; reference:cve,2023-28432; classtype:attempted-admin; sid:2047923; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2023_09_05, cve CVE_2023_28432, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_04_07, reviewed_at 2024_10_02, mitr
```
Suricata
ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)
suricata · 2023-09-05 · CVSS 7.5 · CVE-2023-28432 [HIGH]
Rule (response side: a 200 body carrying the quoted credential variable names; `|22|` is a double quote and `|3a|` a colon):
```
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|22|MINIO_ROOT_PASSWORD"; fast_pattern; content:"|22|MINIO_SECRET_KEY|22 3a 22|"; reference:url,www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services; reference:cve,2023-28432; classtype:attempted-admin; sid:2047924; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2023_09_05, cve CVE_2023_28432, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence
```
Metasploit
MinIO Bootstrap Verify Information Disclosure
metasploit
MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. Verified against MinIO 2023-02-27T18:10:45Z
Nuclei
MinIO Cluster Deployment - Information Disclosure
nuclei · CVSS 7.5 · CVE-2023-28432 [HIGH]
MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.
Template:
```yaml
id: CVE-2023-28432
info:
  name: MinIO Cluster Deployment - Information Disclosure
  author: Mr-xn
  severity: high
  description: |
    MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, Mi
```
CTF
minioday / README
ctf_writeups · 2024 · CVSS 7.5 · CVE-2023-28432 [HIGH]
# minioday - Real World CTF 6th (web, 11 solved, 290p)
## Introduction
minioday is a web task. An archive containing a Dockerfile and minio data is given. The container is using minio in version `RELEASE.2023-03-13T19-46-17Z`.
## Known vulnerabilities
By looking for information about that specific version of minio, one can find the official [security advisory] from minio's blog. The advisory mentions two vulnerabilities: [CVE-2023-28432] and [CVE-2023-28434].
The first vulnerability leaks environment variables from the server. Since they contain the username and password of the administrator account, an attacker can use this account to log in and push a malicious update to take over the machine. This vulnerability is not exploitable because it requires clustering which has not been
CTF
medium / README
ctf_writeups · CVSS 9.1 · [CRITICAL]
# HackTheBox - Medium Machines
> Comprehensive index of retired HTB Medium-difficulty machines with key techniques and attack path summaries.
**Total: 100+ machines** | Sorted roughly by retirement date (newest first)
## Machine Index
| # | Machine | OS | Key Techniques | Attack Path Summary | Writeup |
|---|---------|-----|----------------|---------------------|---------|
| 1 | Signed | Linux | Code Signing Bypass, Certificate Abuse | Forge code signature to deploy malicious update, escalate via trusted binary execution | [0xdf](https://0xdf.gitlab.io/2026/02/07/htb-signed.html) |
| 2 | Voleur | Linux | Data E
Sentinelone
CVE-2023-28432: Minio Information Disclosure Vulnerability
blogs_sentinelone · 2023-04-05 · CVSS 7.5 · CVE-2023-28432 [HIGH]
CVE-2023-28432 is an information disclosure vulnerability discovered in MinIO, a popular Multi-Cloud Object Storage framework widely used for machine learning, analytics, and application data workloads. The vulnerability affects MinIO cluster deployments starting with RELEASE.2019-12-17T23-16-33Z and before RELEASE.2023-03-20T20-16-18Z. The vulnerability has a CVSS score of 7.5, classified as high.
## Vulnerability Details
The vulnerability occurs when MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. This means it could expose sensitive information, such as secret keys and passwords, to unauthorized parties.
The vulnerable code is located in the VerifyHandler function in the bootstrap-peer-server.go file of
Sentinelone
CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
blogs_sentinelone · 2023-03-29 · CVSS 9.8 · CVE-2023-23397 [CRITICAL]
CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Microsoft Outlook that was assigned a 9.8 CVSS rating. It is an elevation of privilege (EoP) vulnerability in Microsoft Outlook that allows a threat actor to send a specially crafted email with a malicious payload that will cause the victim's Outlook client to automatically connect to a Universal Naming Convention (UNC) location under the actor's control to receive the user's Net-NTLMv2 password hash. This vulnerability affects all versions of Windows Outlook.
## What is an NTLMv2 hash?
The Windows authentication system uses NTLMv2, which is a challenge-response protocol. When a server or service requests authentication from a user, the user must respond with a hashed representation of their credentia
Greynoiseio
OpenAI, MinIO, And Why You Should Always Use docker-cli-scan To Keep Your Supply chAIn Clean
blogs_greynoiseio · CVSS 7.5 · [HIGH]
Greynoiseio
The Seventh Day Of Tagsmas (2023): MinIO Information Disclosure Attempt (CVE-2023-28432)
blogs_greynoiseio · CVSS 7.5 · [HIGH]
References
- https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z
- https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
- https://twitter.com/Andrew___Morris/status/1639325397241278464
- https://viz.greynoise.io/tag/minio-information-disclosure-attempt
- https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28432
Timeline
- 2023-03-22: Published
- 2023-04-21: Added to CISA KEV
- Exploited in the wild