CVE-2024-55949

Privilege escalation in IAM import API in MinIO

Description

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately.

INFO

Published Date :

2024-12-16T20:02:00.856Z

Last Modified :

2024-12-16T20:18:46.452Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-55949 vulnerability.

Vendors	Products
Minio	Minio

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55949.

URL	Resource
https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f
https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427
https://github.com/minio/minio/pull/20756
https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg
https://nvd.nist.gov/vuln/detail/CVE-2024-55949
https://www.cve.org/CVERecord?id=CVE-2024-55949