CVE-2021-21362 – MinIO is an open-source high performance object storage service and it is API compatible w …

8 March 2021

Vuln ID: CVE-2021-21362

Published: 2021-03-08 19:15:13Z

Description: MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary ‘mc share upload’ URL. Everyone is impacted who uses MinIO multi-users. This is fixed in version RELEASE.2021-03-04T00-53-13Z. As a workaround, one can disable uploads with `Content-Type: multipart/form-data` as mentioned in the S3 API RESTObjectPOST docs by using a proxy in front of MinIO.

Source: NVD.NIST.GOV

Date:

8 March 2021

Categorie(s):

NVD

Tag(s):

NVD

How APIs Help To Improve Your Customers’ Experience [5 Tips]20 April 2024
Essential Cyber Security Plan for Small Business20 April 2024
Are PayPal’s Executives Looking Towards Re-Inventing the Product’s Identity?20 April 2024
Why A One-Size-Fits-All Approach No Longer Works For Modern Banking Clients20 April 2024
What Is Zero Trust Architecture All About?20 April 2024