MinIO CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited MinIO CVE published 2023-09-19

CVE-2023-28434

CVE-2023-28434 is a MinIO security feature bypass that CISA added to its Known Exploited Vulnerabilities catalog on 2023-09-19. The KEV listing indicates active exploitation risk and sets a mitigation deadline of 2023-10-10. Because the supplied corpus does not include affected versions or a CVSS score, defenders should rely on the vendor advisory and CISA guidance for remediation decisions.

Known exploited MinIO CVE published 2023-04-21

CVE-2023-28432

CVE-2023-28432 is a MinIO information disclosure vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2023-04-21. Because it is listed as known exploited, MinIO administrators should treat remediation as urgent and follow the vendor’s update guidance.