CVE-2022-24842

Source
https://cve.org/CVERecord?id=CVE-2022-24842
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24842.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-24842
Published
2022-04-12T17:20:18Z
Modified
2026-02-21T03:03:29.473852Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Privilege Management in MinIO
Details

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and is then able to assume their access policies via the generated credentials. This in turn allows the user to escalate privilege to that of the root user. This vulnerability has been resolved in pull request #14729 and is included in RELEASE.2022-04-12T06-55-35Z. Users unable to upgrade may work around this issue by explicitly adding an admin:CreateServiceAccount deny policy; however, this in turn also denies the user the ability to create their own service accounts.

Database specific
{
    "cwe_ids": [
        "CWE-269"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24842.json",
    "cna_assigner": "GitHub_M"
}
Affected packages

Git / github.com/minio/minio

Affected ranges

Type
GIT
Repo
https://github.com/minio/minio
Affected versions

RELEASE.*
RELEASE.2021-12-09T06-19-41Z
RELEASE.2021-12-10T23-03-39Z
RELEASE.2021-12-18T04-42-33Z
RELEASE.2021-12-20T22-07-16Z
RELEASE.2021-12-27T07-23-18Z
RELEASE.2021-12-29T06-49-06Z
RELEASE.2022-01-03T18-22-58Z
RELEASE.2022-01-04T07-41-07Z
RELEASE.2022-01-07T01-53-23Z
RELEASE.2022-01-08T03-11-54Z
RELEASE.2022-01-25T19-56-04Z
RELEASE.2022-01-27T03-53-02Z
RELEASE.2022-01-28T02-28-16Z
RELEASE.2022-02-01T18-00-14Z
RELEASE.2022-02-05T04-40-59Z
RELEASE.2022-02-07T08-17-33Z
RELEASE.2022-02-12T00-51-25Z
RELEASE.2022-02-16T00-35-27Z
RELEASE.2022-02-17T23-22-26Z
RELEASE.2022-02-18T01-50-10Z
RELEASE.2022-02-24T22-12-01Z
RELEASE.2022-02-26T02-54-46Z
RELEASE.2022-03-03T21-21-16Z
RELEASE.2022-03-05T06-32-39Z
RELEASE.2022-03-08T22-28-51Z
RELEASE.2022-03-11T11-08-23Z
RELEASE.2022-03-11T23-57-45Z
RELEASE.2022-03-14T18-25-24Z
RELEASE.2022-03-17T02-57-36Z
RELEASE.2022-03-17T06-34-49Z
RELEASE.2022-03-22T02-05-10Z
RELEASE.2022-03-24T00-43-44Z
RELEASE.2022-03-26T06-49-28Z
RELEASE.2022-04-01T03-41-39Z
RELEASE.2022-04-08T19-44-35Z
RELEASE.2022-04-09T15-09-52Z

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24842.json"