admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-274xx/CVE-2025-27414.json
cad-safe-bot 6a206bf025 Auto-Update: 2025-03-09T03:00:19.873769+00:00
2025-03-09 03:03:50 +00:00

90 lines
6.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-27414",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-28T21:15:27.957",
"lastModified": "2025-02-28T21:15:27.957",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to \nRELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication for SFTP connections when the user has the `sshPublicKey` attribute set in their LDAP server. The server trusts the client's key only when the public key is the same as the `sshPublicKey` attribute. Due to the bug, when the user has no `sshPublicKey` property in LDAP, the server ends up trusting the key allowing the client to perform any FTP operations allowed by the MinIO access policies associated with the LDAP user (or any of their groups). Three requirements must be met in order to exploit the vulnerability. First, the MinIO server must be configured to allow SFTP access and use LDAP as an external identity provider. Second, the attacker must have knowledge of an LDAP username that does not have the `sshPublicKey` property set. Third, such an LDAP username or one of their groups must also have some MinIO access policy configured. When this bug is successfully exploited, the attacker can perform any FTP operations (i.e. reading, writing, deleting and listing objects) allowed by the access policy associated with the LDAP user account (and their groups). Version 1.2.0 fixes the issue."
},
{
"lang": "es",
"value": "MinIO es un almacenamiento de objetos de alto rendimiento. A partir de RELEASE.2024-06-06T09-36-42Z y antes de RELEASE.2025-02-28T09-55-16Z, un error en la evaluaci\u00f3n de la confianza de la clave SSH utilizada en una conexi\u00f3n SFTP a MinIO permite omitir la autenticaci\u00f3n y acceder a datos no autorizados. En un servidor MinIO con acceso SFTP configurado y que utiliza LDAP como proveedor de identidad externo, MinIO admite la autenticaci\u00f3n basada en clave SSH para conexiones SFTP cuando el usuario tiene el atributo `sshPublicKey` configurado en su servidor LDAP. El servidor conf\u00eda en la clave del cliente solo cuando la clave p\u00fablica es la misma que el atributo `sshPublicKey`. Debido al error, cuando el usuario no tiene la propiedad `sshPublicKey` en LDAP, el servidor termina confiando en la clave, lo que permite al cliente realizar cualquier operaci\u00f3n FTP permitida por las pol\u00edticas de acceso de MinIO asociadas con el usuario LDAP (o cualquiera de sus grupos). Para explotar la vulnerabilidad se deben cumplir tres requisitos. En primer lugar, el servidor MinIO debe estar configurado para permitir el acceso SFTP y utilizar LDAP como proveedor de identidad externo. En segundo lugar, el atacante debe tener conocimiento de un nombre de usuario LDAP que no tenga la propiedad `sshPublicKey` configurada. En tercer lugar, dicho nombre de usuario LDAP o uno de sus grupos tambi\u00e9n debe tener configurada alguna pol\u00edtica de acceso MinIO. Cuando se explota este error con \u00e9xito, el atacante puede realizar cualquier operaci\u00f3n FTP (es decir, leer, escribir, eliminar y enumerar objetos) permitida por la pol\u00edtica de acceso asociada con la cuenta de usuario LDAP (y sus grupos). La versi\u00f3n 1.2.0 corrige el problema."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "UNREPORTED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/minio/minio/commit/4c71f1b4ec0fb2a473ddaac18c20ec9e63f267ec",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/minio/minio/commit/91e1487de45720753c9e9e4c02b1bd16b7e452fa",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/minio/minio/security/advisories/GHSA-wc79-7x8x-2p58",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink