MinIO Vulnerabilities Exploited To Gain Access To Affected Servers, Allowing RCE

An unidentified threat actor is exploiting serious security flaws (CVE-2023-28432 and CVE-2023-28434) in MinIO storage systems, leading to unauthorized code execution.Security Joes, a cybersecurity firm, revealed that the attacker used a publicly available exploit chain to backdoor MinIO.These vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog on April 21, 2023.These flaws can expose sensitive data and enable remote code execution on the affected host.The attacker obtained admin credentials and replaced the MinIO client with a trojanized version using an update command.Read more...