CVE-2023-33955
MEDIUMMinio Console < 0.28.0 - Filename Spoofing via Unicode Right-to-Left Override
Title source: llmDescription
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/minio/console/security/advisories/GHSA-jv3f-7m33-qp65
Patch x_refsource_misc
https://github.com/minio/console/commit/17e791afb90c9ad27c65f63c6be14f2f6a3a9d60
Release Notes x_refsource_misc
https://github.com/minio/console/releases/tag/v0.28.0
Scores
CVSS v3
4.3
EPSS
0.0065
EPSS Percentile
46.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
minio/console
< 0.28.0
minio/console
0 - 0.28.0Go
Published
May 30, 2023
Tracked Since
Feb 18, 2026