CVE-2021-41266

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41266

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41266.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41266

Aliases

Related

GHSA-4999-659w-mq36

Published

2021-11-15T21:15:07.320Z

Modified

2026-03-15T14:44:52.159742Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLEIDPURL, CONSOLEIDPCLIENTID, CONSOLEIDPSECRET and CONSOLEIDP_CALLBACK environment variable and instead use the Kubernetes service account token.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41266.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "0.12.3"
            }
        ]
    }
]