CVE-2023-28432 · CISA KEV: Actively Exploited

MinIO Information Disclosure Vulnerability

Published Apr 21, 2023 · Updated Apr 21, 2023

Description

MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.

Public Exploits & PoCs (18 found)

PoC: CVE-2023-28432

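MinIO has an information disclosure vulnerability: an unauthenticated remote attacker can obtain all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, by sending a special HTTP request. This leaks sensitive information and may ultimately allow the attacker to log in to MinIO as an administrator.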

3

PoC: CVE-2023-28432

CVE-2023-28434 nuclei templates

3

PoC: MinIO_CVE-2023-28432

minio sensitive information disclosure

1

PoC: CVE-2023-28432

CVE-2023-28432 POC

1

PoC: minio_unauth_check

CVE-2023-28432, minio unauthorized access detection tool

1

PoC: CVE-2023-28432

MinIO verify interface sensitive information disclosure vulnerability (CVE-2023-28432)

1

PoC: CVE-2023-28432

PoC for CVE-2023-28432

PoC: CVE-2023-28432

MinIO vulnerability exploit - CVE-2023-28432

PoC: CVE-2023-28432

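The minio system has an information disclosure vulnerability: an unauthenticated remote attacker can obtain all sensitive information, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, by sending a special POST request to /minio/bootstrap/v1/verify, which may lead to disclosure of the administrator account and password.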

PoC: CVE-2023-28432

CVE-2023-28432 Minio Information Disclosure Exploit

PoC: minio-CVE-2023-28432-rce

Packaged and archived copy of https://github.com/AbelChe/evil_minio/tree/main

PoC: CVE-2023-28432

Automated vulnerability scanner for CVE-2023-28432 in Minio deployments, revealing sensitive environment variables.

PoC: CVE-2023-28432

CVE-2023-28432 detection tool

PoC: CVE-2023-28432

CVE-2023-28432 detection tool

PoC: CVE-2023-28432-metasploit-scanner

MinIO Information Disclosure Vulnerability scanner by metasploit

PoC: CVE-2023-28432_docker

Test environments for CVE-2023-28432, information disclosure in MinIO clusters

PoC: CVE-2023-28432

CVE-2023-28432 MinIO sensitive information disclosure detection script

PoC: Cve-2023-28432-

Implements basic batch detection, based on the vulhub reproduction steps. Fairly rough, but barely usable.
