FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
80fbe184-2358-11ef-996e-40b034455553minio -- unintentional information disclosure

Minio security advisory GHSA-95fr-cm4m-q5p9 reports:

when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information.


Discovery 2024-05-28
Entry 2024-06-05
minio
< 2024.05.27.19.17.46

CVE-2024-36107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36107
144836e3-2358-11ef-996e-40b034455553minio -- privilege escalation via permissions inheritance

Minio security advisory GHSA-xx8w-mq23-29g4 ports:

When someone creates an access key, it inherits the permissions of the parent key. Not only for s3:* actions, but also admin:* actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able to simply override their own s3 permissions to something more permissive.


Discovery 2024-01-31
Entry 2024-06-05
minio
< 2024.01.31.20.20.33

CVE-2024-24747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24747