CVE-2023-28432 PoC — Minio Information Disclosure in Cluster Deployment

Source

Associated Vulnerability

Description

Test environments for CVE-2023-28432, information disclosure in MinIO clusters

Readme

# CVE-2023-28432_docker
Test environments for CVE-2023-28432, information disclosure in MinIO clusters.

The directories provide different versions / configurations for a MinIO cluster:

| Directory                  | Remark                                                                            |
| -------------------------- | --------------------------------------------------------------------------------- |
| leaked-key                 | Vulnerable instance, using the (deprecated) MINIO_ACCESS_KEY environment variable |
| leaked-password            | Vulnerable instance, using the MINIO_ROOT_PASSWORD environment variable.          |
| no-password                | Vulnerable instance, using the default credentials if no password is set          |
| not-vulnerable             | Secure instance                                                                   |
| not-vulnerable-default-pw  | Secure instance, using the default credentials, thus vulnerable                   |

File Snapshot

 [4.0K]  /data/pocs/5ed5e6c1752cf2e49c09b4349625d8c5a2752b8c
├── [4.0K]  leaked-key
│   └── [2.2K]  docker-compose.yml
├── [4.0K]  leaked-password
│   └── [2.3K]  docker-compose.yml
├── [4.0K]  no-password
│   └── [1.9K]  docker-compose.yml
├── [4.0K]  not-vulnerable
│   └── [2.3K]  docker-compose.yml
├── [4.0K]  not-vulnerable-default-pw
│   └── [1.9K]  docker-compose.yml
└── [ 994]  README.md

5 directories, 6 files

Remarks