CVE-2024-24747
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-24747 is a vulnerability affecting MinIO, a high-performance object storage system. The issue lies in the way access keys are created and inherited permissions. Specifically, when someone creates a new access key, it inherits the permissions of its parent key, including administrative rights (`admin:*`). This means that unless `admin` rights have been explicitly denied somewhere in the access-key hierarchy, new keys can override their own permissions to be more permissive. The vulnerability has been addressed in the RELEASE.2024-01-31T20-20-33Z update.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- MinIO
Affected Vendors
- Minio
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions