Question 1

What is CVE-2023-28434 — MinIO Security Feature Bypass Vulnerability?

Accepted Answer

MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation.

Question 2

What is the authoritative source for CVE-2023-28434?

Accepted Answer

MinIO Security Feature Bypass Vulnerability (CVE-2023-28434) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2023-28434MinIO Security Feature Bypass Vulnerability

Description

Scoring

CISA KEV entry

(incoming)1

Related by meaning· 6