CVE-2021-41266, GHSA-4999-659w-mq36
go/github.com/minio/console
Missing Authentication for Critical Function
MinIO Console is a graphical user interface for the MinIO operator. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so that no service account token is mounted inside the pod, then disable external identity provider authentication by unsetting the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variables, and instead use the Kubernetes service account token.
All versions before 0.12.3
Upgrade to version 0.12.3 or above.
2021-11-22
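One way to check that the workaround above is in place, as an added example that is not part of the advisory or of the MinIO project: a small audit over a Deployment manifest exported as JSON. The function name, the sample manifests and the envFrom check are assumptions made for illustration.

```python
import json

# External-IDP settings the advisory says to unset.
IDP_ENV_VARS = {"CONSOLE_IDP_URL", "CONSOLE_IDP_CLIENT_ID",
                "CONSOLE_IDP_SECRET", "CONSOLE_IDP_CALLBACK"}

def audit_console_deployment(deployment):
    """Return findings for a Deployment dict; an empty list means the workaround is in place."""
    findings = []
    pod_spec = deployment.get("spec", {}).get("template", {}).get("spec", {})
    # The advisory asks for an explicit false on the deployment's pod spec;
    # the ServiceAccount-level setting is not inspected here.
    if pod_spec.get("automountServiceAccountToken") is not False:
        findings.append("automountServiceAccountToken is not false")
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        for env in c.get("env") or []:
            if env.get("name") in IDP_ENV_VARS:
                findings.append(f"{name}: {env['name']} is set")
        # Variables can also arrive through ConfigMap/Secret references.
        if c.get("envFrom"):
            findings.append(f"{name}: envFrom present, review the referenced objects")
    return findings

# Constructed sample manifests (not taken from a real cluster).
UNMITIGATED = json.loads("""
{"kind": "Deployment", "metadata": {"name": "operator-console"},
 "spec": {"template": {"spec": {"containers": [{"name": "console",
   "env": [{"name": "CONSOLE_IDP_URL", "value": "https://idp.example.invalid"},
           {"name": "CONSOLE_IDP_CLIENT_ID", "value": "placeholder"}]}]}}}}
""")
MITIGATED = json.loads("""
{"kind": "Deployment", "metadata": {"name": "operator-console"},
 "spec": {"template": {"spec": {"automountServiceAccountToken": false,
   "containers": [{"name": "console", "env": []}]}}}}
""")

if __name__ == "__main__":
    for label, doc in (("unmitigated", UNMITIGATED), ("mitigated", MITIGATED)):
        print(label, audit_console_deployment(doc) or "workaround applied")
```

The input is the JSON form of the deployment, for example the output of kubectl get deployment with -o json, loaded with json.load.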