CVE-2020-11012: Improper Authentication

April 23, 2020 (updated October 26, 2021)

MinIO has an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations, i.e., creating new service accounts for existing access keys without knowing the admin secret key.

References

nvd.nist.gov/vuln/detail/CVE-2020-11012

Code Behaviors & Features

Detect and mitigate CVE-2020-11012 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →