CVE-2025-32963

Sažetak

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0.

Reference

https://github.com/minio/operator/releases/tag/v7.1.0
https://github.com/minio/operator/security/advisories/GHSA-7m6v-q233-q9j9

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

22-04-2025 - 18:16

Objavljeno

22-04-2025 - 18:16