CVE-2023-28432
published 2023-03-22


Priority: P188 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: KEV, ITW, exploit, initial access
CISA Known Exploited Vulnerability, due 2023-05-12
Exploited in the wild
EPSS: 83.96% (99.7th percentile)
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

Affected (3 ranges)

Vendor      | Product      | Version range                                    | Fixed in
github.com  | minio_minio  | 0 – 0.0.0-20260212201848-7aac2a2c5b7c            |
minio       | minio        |                                                  |
minio       | minio        | >= 2019-12-17t23-16-33z, < 2023-03-20t20-16-18z  | 2023-03-20t20-16-18z

Detection & IOCs

url: /minio/bootstrap/v1/verify
port: 9000
port: 9001
command: POST /minio/bootstrap/v1/verify
path: bootstrap-peer-server.go
  • Detect exploitation attempts by monitoring for HTTP POST requests to the /minio/bootstrap/v1/verify endpoint, which triggers information disclosure of all MINIO_ environment variables including credentials.
  • Alert on responses from MinIO that contain the strings MINIO_SECRET_KEY or MINIO_ROOT_PASSWORD, which indicate successful exploitation of CVE-2023-28432.
  • Use KQL rules to search logs for suspicious network activity matching POST requests to the /minio/bootstrap/v1/verify endpoint.
  • Use YARA rules searching for specific byte sequences or network traffic characteristics associated with the MinIO CVE-2023-28432 exploit.
  • Vulnerable MinIO versions range from RELEASE.2019-12-17T23-16-33Z through RELEASE.2023-03-13T19-46-17Z (before RELEASE.2023-03-20T20-16-18Z); flag any MinIO instance in this range exposed on the network.
  • This vulnerability is being actively exploited in the wild; treat any internet-exposed MinIO instance on port 9000 as a high-priority target for scanning and patching.
  • The vulnerability only affects MinIO in cluster/distributed deployment mode; standalone single-node instances are not exploitable via this endpoint.
  • All environment variables prefixed with MINIO_ are returned by the vulnerable endpoint, meaning any secret stored as a MINIO_ env var (not just MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD) is exposed.
  • The affected version range is RELEASE.2019-12-17T23-16-33Z up to (but not including) RELEASE.2023-03-20T20-16-18Z; the fix is included in RELEASE.2023-03-20T20-16-18Z.
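The detection points above, worked through as an added example (not part of this record or of MinIO's own code): it flags POST requests to /minio/bootstrap/v1/verify in constructed access-log lines, lists MINIO_ variable names found in a constructed response body, and tests a MinIO RELEASE string against the affected range. The log format and the response body are assumptions made for the example.

```python
import re

VERIFY_PATH = "/minio/bootstrap/v1/verify"
FIRST_AFFECTED = "RELEASE.2019-12-17T23-16-33Z"
FIXED = "RELEASE.2023-03-20T20-16-18Z"
# Credential names the advisory names explicitly; any MINIO_* name is sensitive.
SECRET_MARKERS = ("MINIO_SECRET_KEY", "MINIO_ROOT_PASSWORD")

# Constructed sample access-log lines (assumed format: src - [ts] "METHOD PATH PROTO" status bytes).
SAMPLE_LOG = """\
10.0.0.5 - [2023-03-21T10:01:02Z] "GET /minio/health/live HTTP/1.1" 200 2
10.0.0.9 - [2023-03-21T10:01:07Z] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 812
10.0.0.9 - [2023-03-21T10:01:09Z] "PUT /bucket/object HTTP/1.1" 200 0
"""

# Constructed response body; the real endpoint's JSON layout is not asserted here.
SAMPLE_BODY = '{"MinioEnv":{"MINIO_ROOT_USER":"minioadmin","MINIO_ROOT_PASSWORD":"<redacted>","MINIO_BROWSER":"on"}}'

LOG_RE = re.compile(
    r'^(?P<src>\S+) - \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_affected_release(release: str) -> bool:
    """RELEASE.YYYY-MM-DDTHH-MM-SSZ strings sort chronologically as plain text,
    so the affected range [FIRST_AFFECTED, FIXED) is a string comparison."""
    return FIRST_AFFECTED <= release < FIXED


def find_verify_requests(log_text: str) -> list:
    """Return (src, ts, status) for every POST to the bootstrap verify endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == VERIFY_PATH:
            hits.append((m["src"], m["ts"], int(m["status"])))
    return hits


def leaked_secret_names(body: str) -> list:
    """MINIO_ variable names present in a response body; the two credential
    names from the advisory are listed first, the rest alphabetically."""
    names = set(re.findall(r"\bMINIO_[A-Z0-9_]+", body))
    return sorted(names, key=lambda n: (n not in SECRET_MARKERS, n))
```

An empty result from find_verify_requests is not a clean bill of health on its own: the endpoint is only reachable in distributed mode, so pair the log check with the release-range check on every node.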

CVSS provenance

nvd: v3.1 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa: 7.5 HIGH
osv: 7.5 HIGH
vulncheck: 7.5 HIGH
cisa: 7.5 HIGH