← Back to CVE List

CVE-2023-27589

Published: 2023-03-14T19:15Z
Last Modified: 2024-11-21T07:53Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with `consoleAdmin` permissions can potentially create a user that matches the root credential `accessKey`. Once this user is created successfully, the root credential ceases to work appropriately. The issue is patched in RELEASE.2023-03-13T19-46-17Z. There are ways to work around this via adding higher privileges to the disabled root user via `mc admin policy set`. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt