-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2024-24747 #2499
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
neild
added
the
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
label
Feb 8, 2024
Change https://go.dev/cl/567817 mentions this issue: |
Change https://go.dev/cl/592778 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Jun 28, 2024
- data/reports/GO-2024-2521.yaml - data/reports/GO-2024-2434.yaml - data/reports/GO-2024-2537.yaml - data/reports/GO-2024-2432.yaml - data/reports/GO-2024-2483.yaml - data/reports/GO-2024-2480.yaml - data/reports/GO-2024-2433.yaml - data/reports/GO-2024-2530.yaml - data/reports/GO-2024-2556.yaml - data/reports/GO-2024-2472.yaml - data/reports/GO-2024-2540.yaml - data/reports/GO-2024-2560.yaml - data/reports/GO-2024-2561.yaml - data/reports/GO-2024-2590.yaml - data/reports/GO-2024-2428.yaml - data/reports/GO-2024-2508.yaml - data/reports/GO-2024-2592.yaml - data/reports/GO-2024-2511.yaml - data/reports/GO-2024-2491.yaml - data/reports/GO-2024-2479.yaml - data/reports/GO-2024-2509.yaml - data/reports/GO-2024-2589.yaml - data/reports/GO-2024-2496.yaml - data/reports/GO-2024-2505.yaml - data/reports/GO-2024-2558.yaml - data/reports/GO-2024-2430.yaml - data/reports/GO-2024-2594.yaml - data/reports/GO-2024-2431.yaml - data/reports/GO-2024-2488.yaml - data/reports/GO-2024-2495.yaml - data/reports/GO-2024-2557.yaml - data/reports/GO-2024-2442.yaml - data/reports/GO-2024-2593.yaml - data/reports/GO-2024-2512.yaml - data/reports/GO-2024-2528.yaml - data/reports/GO-2024-2529.yaml - data/reports/GO-2024-2588.yaml - data/reports/GO-2024-2562.yaml - data/reports/GO-2024-2441.yaml - data/reports/GO-2024-2591.yaml - data/reports/GO-2024-2477.yaml - data/reports/GO-2024-2448.yaml - data/reports/GO-2024-2510.yaml - data/reports/GO-2024-2564.yaml - data/reports/GO-2024-2476.yaml - data/reports/GO-2024-2527.yaml - data/reports/GO-2024-2481.yaml - data/reports/GO-2024-2445.yaml - data/reports/GO-2024-2457.yaml - data/reports/GO-2024-2446.yaml - data/reports/GO-2024-2447.yaml - data/reports/GO-2024-2501.yaml - data/reports/GO-2024-2440.yaml - data/reports/GO-2024-2500.yaml - data/reports/GO-2024-2444.yaml - data/reports/GO-2024-2550.yaml - data/reports/GO-2024-2523.yaml - data/reports/GO-2024-2516.yaml - data/reports/GO-2024-2531.yaml - data/reports/GO-2024-2595.yaml - data/reports/GO-2024-2520.yaml - data/reports/GO-2024-2582.yaml - data/reports/GO-2024-2485.yaml - data/reports/GO-2024-2541.yaml - data/reports/GO-2024-2563.yaml - data/reports/GO-2024-2532.yaml - data/reports/GO-2024-2450.yaml - data/reports/GO-2024-2515.yaml - data/reports/GO-2024-2499.yaml - data/reports/GO-2024-2514.yaml - data/reports/GO-2024-2535.yaml - data/reports/GO-2024-2458.yaml - data/reports/GO-2024-2449.yaml - data/reports/GO-2024-2549.yaml - data/reports/GO-2024-2517.yaml - data/reports/GO-2024-2478.yaml - data/reports/GO-2024-2559.yaml - data/reports/GO-2024-2486.yaml - data/reports/GO-2024-2513.yaml - data/reports/GO-2024-2565.yaml Updates #2521 Updates #2434 Updates #2537 Updates #2432 Updates #2483 Updates #2480 Updates #2433 Updates #2530 Updates #2556 Updates #2472 Updates #2540 Updates #2560 Updates #2561 Updates #2590 Updates #2428 Updates #2508 Updates #2592 Updates #2511 Updates #2491 Updates #2479 Updates #2509 Updates #2589 Updates #2496 Updates #2505 Updates #2558 Updates #2430 Updates #2594 Updates #2431 Updates #2488 Updates #2495 Updates #2557 Updates #2442 Updates #2593 Updates #2512 Updates #2528 Updates #2529 Updates #2588 Updates #2562 Updates #2441 Updates #2591 Updates #2477 Updates #2448 Updates #2510 Updates #2564 Updates #2476 Updates #2527 Updates #2481 Updates #2445 Updates #2457 Updates #2446 Updates #2447 Updates #2501 Updates #2440 Updates #2500 Updates #2444 Updates #2550 Updates #2523 Updates #2516 Updates #2531 Updates #2595 Updates #2520 Updates #2582 Updates #2485 Updates #2541 Updates #2563 Updates #2532 Updates #2450 Updates #2515 Updates #2499 Updates #2514 Updates #2535 Updates #2458 Updates #2449 Updates #2549 Updates #2517 Updates #2478 Updates #2559 Updates #2486 Updates #2513 Updates #2565 Change-Id: I9920757c40e457cb5d033ef0e0a99deb6a5c29b5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/592778 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Change https://go.dev/cl/606358 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 19, 2024
- data/reports/GO-2024-2428.yaml - data/reports/GO-2024-2442.yaml - data/reports/GO-2024-2444.yaml - data/reports/GO-2024-2445.yaml - data/reports/GO-2024-2446.yaml - data/reports/GO-2024-2447.yaml - data/reports/GO-2024-2448.yaml - data/reports/GO-2024-2449.yaml - data/reports/GO-2024-2450.yaml - data/reports/GO-2024-2478.yaml - data/reports/GO-2024-2485.yaml - data/reports/GO-2024-2486.yaml - data/reports/GO-2024-2488.yaml - data/reports/GO-2024-2499.yaml - data/reports/GO-2024-2501.yaml - data/reports/GO-2024-2505.yaml - data/reports/GO-2024-2508.yaml - data/reports/GO-2024-2509.yaml - data/reports/GO-2024-2511.yaml - data/reports/GO-2024-2513.yaml - data/reports/GO-2024-2514.yaml - data/reports/GO-2024-2515.yaml - data/reports/GO-2024-2517.yaml - data/reports/GO-2024-2519.yaml - data/reports/GO-2024-2520.yaml - data/reports/GO-2024-2523.yaml - data/reports/GO-2024-2540.yaml - data/reports/GO-2024-2541.yaml - data/reports/GO-2024-2566.yaml - data/reports/GO-2024-2568.yaml - data/reports/GO-2024-2569.yaml - data/reports/GO-2024-2576.yaml - data/reports/GO-2024-2578.yaml - data/reports/GO-2024-2579.yaml - data/reports/GO-2024-2580.yaml - data/reports/GO-2024-2582.yaml - data/reports/GO-2024-2588.yaml - data/reports/GO-2024-2589.yaml - data/reports/GO-2024-2590.yaml - data/reports/GO-2024-2591.yaml - data/reports/GO-2024-2592.yaml - data/reports/GO-2024-2593.yaml - data/reports/GO-2024-2594.yaml - data/reports/GO-2024-2595.yaml - data/reports/GO-2024-2597.yaml - data/reports/GO-2024-2629.yaml - data/reports/GO-2024-2635.yaml - data/reports/GO-2024-2636.yaml - data/reports/GO-2024-2637.yaml - data/reports/GO-2024-2641.yaml Updates #2428 Updates #2442 Updates #2444 Updates #2445 Updates #2446 Updates #2447 Updates #2448 Updates #2449 Updates #2450 Updates #2478 Updates #2485 Updates #2486 Updates #2488 Updates #2499 Updates #2501 Updates #2505 Updates #2508 Updates #2509 Updates #2511 Updates #2513 Updates #2514 Updates #2515 Updates #2517 Updates #2519 Updates #2520 Updates #2523 Updates #2540 Updates #2541 Updates #2566 Updates #2568 Updates #2569 Updates #2576 Updates #2578 Updates #2579 Updates #2580 Updates #2582 Updates #2588 Updates #2589 Updates #2590 Updates #2591 Updates #2592 Updates #2593 Updates #2594 Updates #2595 Updates #2597 Updates #2629 Updates #2635 Updates #2636 Updates #2637 Updates #2641 Change-Id: If02ad5ae2b621addda56b45d8c84b0476a12737b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606358 Reviewed-by: Damien Neil <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
CVE-2024-24747 references github.com/minio/minio, which may be a Go module.
Description:
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for
s3:*
actions, but alsoadmin:*
actions. Which means unless somewhere above in the access-key hierarchy, theadmin
rights are denied, access keys will be able to simply override their owns3
permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: