CVE-2024-55949
CVSS V2 None
CVSS V3 None
Description
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately.
Overview
- CVE ID
- CVE-2024-55949
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-16T20:02:00.856Z
- Last Modified Date
- 2024-12-16T20:18:46.452Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg | x_refsource_CONFIRM |
https://github.com/minio/minio/pull/20756 | x_refsource_MISC |
https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f | x_refsource_MISC |
https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-55949 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55949 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-17 13:34:16 | Added to TrackCVE |