.. / CVE-2021-21287

Exploit for MinIO Browser API - Server-Side Request Forgery (CVE-2021-21287)

Description:

MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.

Nuclei Template

View the template here CVE-2021-21287.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21287.yaml

References:

https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276
https://nvd.nist.gov/vuln/detail/CVE-2021-21287
https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q
https://github.com/minio/minio/pull/11337