CVE-2023-33955 — Sensitive Information Exposure in Minio Console

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 42.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Minio Console Minio Console

Timeline

Latest updateMay 26

PublishedMay 30

Description

Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDminio/console< 0.28.0

▶Gogithub.com/minio_console< 0.28.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited↗2023-05-26

▶

OSV

Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited↗2023-05-26

▶