PatchSiren

MinIO CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM MinIO CVE published 2026-05-11

CVE-2026-42600

A path traversal vulnerability in MinIO's internode storage-REST endpoint allows cluster root JWT holders to read arbitrary files outside configured drive roots. The vulnerability exists in the ReadMultiple (rmpl) endpoint, where unsanitized ../ sequences in the Bucket field of a msgpack-encoded request body enable filesystem traversal. The server opens the resulting path with O_RDONLY|O_NOATIME and retur [truncated]

Known exploited MinIO CVE published 2023-09-19

CVE-2023-28434

CVE-2023-28434 is a MinIO security feature bypass that CISA added to its Known Exploited Vulnerabilities catalog on 2023-09-19. The KEV listing indicates active exploitation risk and sets a mitigation deadline of 2023-10-10. Because the supplied corpus does not include affected versions or a CVSS score, defenders should rely on the vendor advisory and CISA guidance for remediation decisions.

Known exploited MinIO CVE published 2023-04-21

CVE-2023-28432

CVE-2023-28432 is a MinIO information disclosure vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2023-04-21. Because it is listed as known exploited, MinIO administrators should treat remediation as urgent and follow the vendor’s update guidance.