NVD disclosure day

Published threat advisories for March 22, 2023

CVE advisory | Known Exploit

CVE-2023-28434

MinIO Object Storage: Unauthorized Object Placement Risk

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

The MinIO object storage framework has a vulnerability that allows unauthorized placement of objects into any bucket via crafted requests. Organizations running affected versions are impacted. Exploitation requires specific credentials and Console API access, and the risk is to data integrity.

• CISA KEV

CVE advisory | Known Exploit

CVE-2023-28432

MinIO Information Disclosure in Cluster Deployments

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

MinIO cluster deployments can disclose sensitive environment variables, including access keys and passwords. This information disclosure presents a business risk by potentially compromising data and systems. Organizations are advised to update affected MinIO instances.

• CISA KEV