CVE-2023-28432
MinIO Information Disclosure Vulnerability
CVSS
—
No CVSS
EPSS
84.0%
p100
KEV
YES
Apr 21, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
84.0%EPSS · 30 days84.0%
2026-06-302026-07-16
Product
MinIO / MinIO
Vulnerability
MinIO Information Disclosure Vulnerability
Added to KEV
Apr 21, 2023
Remediate by
May 12, 2023
Known ransomware use
No
Summary description
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
Required action
Apply updates per vendor instructions.
Notes
https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q; https://nvd.nist.gov/vuln/detail/CVE-2023-28432
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-28434—93.2%
KEV—78MinIO Security Feature Bypass Vulnerability—