{"api_version":"1","generated_at":"2026-04-22T23:09:22+00:00","cve":"CVE-2023-28432","urls":{"html":"https://cve.report/CVE-2023-28432","api":"https://cve.report/api/cve/CVE-2023-28432.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-28432","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-28432"},"summary":{"title":"MinIO Information Disclosure Vulnerability","description":"Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-03-22 21:15:00","updated_at":"2023-11-07 04:10:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://twitter.com/Andrew___Morris/status/1639325397241278464","name":"https://twitter.com/Andrew___Morris/status/1639325397241278464","refsource":"MISC","tags":[],"title":"JavaScript is not available.","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z","name":"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z","refsource":"MISC","tags":[],"title":"Release Security and Bug Fixes Release · minio/minio · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://viz.greynoise.io/tag/minio-information-disclosure-attempt","name":"https://viz.greynoise.io/tag/minio-information-disclosure-attempt","refsource":"MISC","tags":[],"title":"Tag Details | GreyNoise Visualizer","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","name":"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","refsource":"MISC","tags":[],"title":"Information Disclosure in Cluster Deployment · Advisory · minio/minio · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean","name":"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean","refsource":"MISC","tags":[],"title":"OpenAI, MinIO, And Why You Should Always Use docker-cli-scan To Keep Your Supply chAIn Clean","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-28432","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28432","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"28432","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"minio","cpe5":"minio","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2023","cve_id":"28432","cve":"CVE-2023-28432","vendorProject":"MinIO","product":"MinIO","vulnerabilityName":"MinIO Information Disclosure Vulnerability","dateAdded":"2023-04-21","shortDescription":"MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2023-05-12","knownRansomwareCampaignUse":"Unknown","notes":"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q; https://nvd.nist.gov/vuln/detail/CVE-2023-28432","cwes":"CWE-200","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2023","cve_id":"28432","cve":"CVE-2023-28432","epss":"0.940040000","percentile":"0.998940000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:42"},"legacy_qids":[{"cve":"CVE-2023-28432","qid":"150665","title":"MinIO Information Disclosure Vulnerability (CVE-2023-28432)"},{"cve":"CVE-2023-28432","qid":"730787","title":"MinIO Information Disclosure Vulnerability"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-28432","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"minio","product":{"product_data":[{"product_name":"minio","version":{"version_data":[{"version_affected":"=","version_value":">= RELEASE.2019-12-17T23-16-33Z, < RELEASE.2023-03-20T20-16-18Z"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","refsource":"MISC","name":"https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q"},{"url":"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z","refsource":"MISC","name":"https://github.com/minio/minio/releases/tag/RELEASE.2023-03-20T20-16-18Z"},{"url":"https://twitter.com/Andrew___Morris/status/1639325397241278464","refsource":"MISC","name":"https://twitter.com/Andrew___Morris/status/1639325397241278464"},{"url":"https://viz.greynoise.io/tag/minio-information-disclosure-attempt","refsource":"MISC","name":"https://viz.greynoise.io/tag/minio-information-disclosure-attempt"},{"url":"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean","refsource":"MISC","name":"https://www.greynoise.io/blog/openai-minio-and-why-you-should-always-use-docker-cli-scan-to-keep-your-supply-chain-clean"}]},"source":{"advisory":"GHSA-6xvq-wj2x-3h3q","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-03-22 21:15:00","lastModifiedDate":"2023-11-07 04:10:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*","versionStartIncluding":"2019-12-17t23-16-33z","versionEndExcluding":"2023-03-20t20-16-18z","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}