CVE-2023-28432

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z", "name": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q", "name": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q", "tags": ["Exploit", "Vendor Advisory"], "refsource": ""}, {"url": "https://twitter.com/Andrew___Morris/status/1639325397241278464", "name": "https://twitter.com/Andrew___Morris/status/1639325397241278464", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt", "name": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean", "name": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z", "name": "https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean", "name": "https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt", "name": "https://viz.greynoise.io/tag/minio-information-disclosure-attempt", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://twitter.com/Andrew___Morris/status/1639325397241278464", "name": "https://twitter.com/Andrew___Morris/status/1639325397241278464", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q", "name": "https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q", "tags": ["Exploit", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY`\nand `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-28432", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2023-03-22T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2023-03-20t20-16-18z", "versionStartIncluding": "2019-12-17t23-16-33z"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-07T22:04Z"}