CVE-2023-28434: MinIO Security Feature Bypass Vulnerability. MinIO contains
MinIO Security Feature Bypass Vulnerability. MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access.
- CISA KEV-listed (remediation due 2023-10-10)
- EPSS 52.1% (98.0% percentile)