Security for everyone

CVE-2021-21287 Scanner

Detects 'Server-Side Request Forgery (SSRF)' vulnerability in MinIO affects v. < RELEASE.2021-01-30T00-20-58Z.

SCAN NOW

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-21287 Scanner Detail

MinIO is a high-performance object storage software that allows users to store large amounts of unstructured data. Released under the Apache License v2.0, it is designed to operate in production environments and is compatible with a wide variety of platforms, programming languages, and applications. MinIO provides a highly scalable and distributed system that can accommodate billions of files and petabytes of data across multiple nodes in a single cluster.

However, MinIO’s security has been compromised with the discovery of the CVE-2021-21287 vulnerability. This vulnerability is a server-side request forgery (SSRF) attack that can be exploited through the software’s URL-import and -export functionalities. By tampering with these functions, attackers can modify URLs and manipulate how they are built, allowing them to access internal resources on the server and compromise its security.

When exploited, this vulnerability can lead to a wide range of malicious attacks. Attackers can gain access to confidential information such as AWS metadata, connect to internal HTTP-enabled databases, and perform post requests towards internal services that are not intended to be exposed. This ultimately leads to sensitive data being compromised, and businesses risk losing their reputation, trust, and customer base.

Thanks to the pro features of the securityforeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. By using this platform, businesses can identify security risks and take action to protect their data and infrastructure. Trusting the security of your digital assets to securityforeveryone.com ensures that your organization's needs are met with the latest cybersecurity technology and innovations.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture