Anis Elleuch

2 exploits Active since Apr 2020
CVE-2020-11012 WRITEUP CRITICAL WRITEUP
MinIO <RELEASE.2020-04-23T00-58-49Z - Auth Bypass
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.
CVSS 9.3
CVE-2023-25812 WRITEUP MEDIUM WRITEUP
Minio - DoS
Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue.
CVSS 6.5