CVE-2021-41137

Improper Authorization in go/github.com/minio/minio

Identifiers

CVE-2021-41137, GHSA-v64v-g97p-577c

Package Slug

go/github.com/minio/minio

Vulnerability

Improper Authorization

Description

MinIO is a Kubernetes-native application for cloud storage. All users are affected by a vulnerability that allows policy restrictions on regular users to be bypassed. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restrictions do not work properly for users who do not have service (svc) or security token service (STS) accounts.

Affected Versions

Version 2021-10-10t16-53-30z

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-10-20
