漏洞描述
MinIO控制台是用于MinIO操作器的图形用户界面。MinIO本身是一个多云对象存储项目。当启用外部IDP时,受影响的版本会受到操作员控制台中身份验证绕过问题的影响。
MinIO Console 存在认证绕过漏洞(CVE-2021-41266)
PoC代码
暂无相关漏洞推荐
- POC cockroachdb-unauth-exposure: CockroachDB Unauthenticated Console Exposure
- MinIO 权限管理不当漏洞 可导致权限提升
- Apache ActiveMQ Artemis Console存在默认账号密码
- POC CVE-2015-3224: Ruby on Rails Web Console - Remote Code Execution
- POC CVE-2018-17431: Comodo Unified Threat Management Web Console - Remote Code Execution
- POC CVE-2018-19439: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
- POC CVE-2019-2729: Oracle WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2020-14883: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2020-17453: WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
- POC CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery
- POC CVE-2021-41266: MinIO Operator Console Authentication Bypass
- POC CVE-2022-24856: Flyte Console <0.52.0 - Server-Side Request Forgery
- POC CVE-2023-28432: MinIO Cluster Deployment - Information Disclosure