漏洞描述
Minio是Apache License v2.0下发布的对象存储服务器。它与AmazonS3云存储服务兼容。它最适合存储非结构化数据,如照片,视频,日志文件,备份和容器/VM映像。对象的大小可以从几KB到最大5TB。Minio服务器足够轻,可以与应用程序堆栈捆绑在一起,类似于NodeJS,Redis和MySQL。Minio服务器存在默认账密:AccessKey:minioadmin ,SecretKey: minioadmin。
Minio 服务器默认账户密码
PoC代码
暂无相关漏洞推荐
- MinIO 权限管理不当漏洞 可导致权限提升
- POC CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery
- POC CVE-2021-41266: MinIO Operator Console Authentication Bypass
- POC CVE-2023-28432: MinIO Cluster Deployment - Information Disclosure
- POC CVE-2023-2982: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
- POC CVE-2025-31489: MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads
- POC CVE-2021-21287: MinIO Browser API - Server-Side Request Forgery
- POC CVE-2023-28432: MinIO 未授权信息泄露
- POC minio-default-password: Minio Default Password
- POC minio-default-login: Minio Default Login
- POC minio-browser: MinIO Browser
- POC minio-console: MinIO Console
- MinIO Console 存在认证绕过漏洞(CVE-2021-41266)