x/vulndb: potential Go vuln in github.com/minio/minio: CVE-2024-55949 #3341

Closed
GoVulnBot opened this issue Dec 16, 2024 · 1 comment

Comments

@GoVulnBot

Advisory CVE-2024-55949 references a vulnerability in the following Go modules:

Module
github.com/minio/minio

Description:
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. MinIO is subject to a privilege escalation in the IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit f246c9053f9603e610d98439799bdd2a6b293427, which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible; all users are advised to upgrade immediately.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/minio/minio
      vulnerable_at: 0.0.0-20241215225012-02f770a0c00a
summary: CVE-2024-55949 in github.com/minio/minio
cves:
    - CVE-2024-55949
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-55949
    - fix: https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f
    - fix: https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427
    - fix: https://github.com/minio/minio/pull/20756
    - web: https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg
source:
    id: CVE-2024-55949
    created: 2024-12-16T22:01:18.266895179Z
review_status: UNREVIEWED

@tatianab
Contributor

Duplicate of #3336

@tatianab tatianab marked this as a duplicate of #3336 Dec 17, 2024