CVE-2023-28432

Description

MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of distributed deployments are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.

GitHub, Inc.
Severity: HIGH
CVE ID: CVE-2023-28432
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-28432
Mr-xn

CVE-2023-28434 nuclei templates

Reference: GitHub

gobysec

MiniO verify interface sensitive information disclosure vulnerability (CVE-2023-28432)

Reference: GitHub

Okaytc

CVE-2023-28432, MinIO unauthorized access detection tool

Reference: GitHub

MzzdToT

MinIO sensitive information disclosure vulnerability batch scanning PoC & exploit

Reference: GitHub

acheiii

CVE-2023-28432 POC

Reference: GitHub

steponeerror

Implemented basic batch detection by following the vulhub reproduction process. Fairly rough, but just about usable.

Reference: GitHub

Cuerz

CVE-2023-28432 MinIO sensitive information disclosure detection script

Reference: GitHub

LHXHL

Reference: GitHub

h0ng10

Test environments for CVE-2023-28432, information disclosure in MinIO clusters

Reference: GitHub

CHINA-china

Reference: GitHub

TaroballzChen

MinIO Information Disclosure Vulnerability scanner for Metasploit

Reference: GitHub

bingtangbanli

CVE-2023-28432 detection tool

Reference: GitHub

Chocapikk

Automated vulnerability scanner for CVE-2023-28432 in MinIO deployments, revealing sensitive environment variables.

Reference: GitHub

yTxZx

Reference: GitHub

unam4
C1ph3rX13

CVE-2023-28432 MinIO Information Disclosure Exploit

Reference: GitHub

netuseradministrator

Reference: GitHub

xk-mt

The MinIO system has an information disclosure vulnerability: an unauthenticated remote attacker can obtain all sensitive information, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, by sending a special POST request to /minio/bootstrap/v1/verify, which may lead to leakage of the administrator account password.

Reference: GitHub

0xRulez

MinIO vulnerability exploit - CVE-2023-28432

Reference: GitHub

Content on GitHub

Romanc9 | watchers: 1

Gui-poc-test
A testing tool for CobaltStrike RCE: CVE-2022-39197; WebLogic RCE: CVE-2023-21839; MinIO: CVE-2023-28432

Reference: GitHub

bingtangbanli | watchers: 10

VulnerabilityTools
[CVE_2023_28432 vulnerability, CVE_2023_32315 vulnerability, ThinkPHP 2.x arbitrary code execution vulnerability, ThinkPHP5 5.0.22/5.1.29 remote code execution vulnerability, ThinkPHP5 5.0.23 remote code execution vulnerability, ThinkPHP multi-language local file inclusion vulnerability]

Reference: GitHub

peiqiF4ck | watchers: 157

WebFrameworkTools-5.1-main
This software first integrates RCE (no login required, or login bypass leading to RCE) and deserialization (simple gadget chains) issues for high-impact frameworks and some mainstream CMSs. Batch getshell by simply importing a list of URLs; batch automated testing. Examples: ThinkPHP, Struts2, WebLogic. Newly published vulnerabilities are tracked and added in real time, for example: log4j RCE, Sunlogin (向日葵), Zentao (禅道) RCE, Ruiyou Tianyi (瑞友天翼) application virtualization system SQL injection leading to RCE, Dahua Smart Park (大华智慧园区) upload, Kingdee Cloud Galaxy (金蝶云星空) vulnerabilities, etc.

Reference: GitHub