WEB MinIO HTTP API Privileges Management (CVE-2021-43858)

Rule ID

1232634

Severity

High

Description

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges.

Impact

Privilege escalation

Recommendation

Update vendor's patch.

IPS Category

Web threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Allow

Reference

CVE-2021-43858

T1068

Keyword

N/A

Created At

2023/04/27

Updated At

2023/04/28

This website uses cookies to ensure you get the best experience on our website.

Learn more