github.com/minio/pkg/v3 is vulnerable to Improper Privilege Management
55
Medium Risk
Affected versions of the package are vulnerable to improper privilege management, allowing users with read-only LDAP roles to access functionality beyond their intended permissions. Specifically, a user authenticated via LDAP with read-only privileges is incorrectly granted access to the "Add User" button in the user interface. While this may not immediately result in user creation, exposing administrative UI elements to unauthorized users increases the risk of privilege escalation, accidental misuse, or exploitation through other vulnerabilities. Proper role-based access control should ensure that only users with explicit administrative privileges can view or interact with user management features.
You are affected if you are using a version which is within vulnerability ranges and if you are using the NativeJob class.
github.com/minio/pkg/v3 is vulnerable to Improper Privilege Management in versions 3.0.0 - 3.3.4.
Upgrade the github.com/minio/pkg/v3 library to the patched version.
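One way to check a project against the range above, as an added example that is not part of the original advisory or of the minio project's code: it reads go.mod text and reports the pinned version of github.com/minio/pkg/v3 if it falls within 3.0.0 - 3.3.4 inclusive. The function names and the sample go.mod are assumptions made for illustration, and pre-release or build suffixes are ignored when comparing.

```go
package main

import (
	"fmt"
	"strings"
)

const modulePath = "github.com/minio/pkg/v3" // module named in the advisory

// Inclusive affected range as stated in the advisory: 3.0.0 - 3.3.4.
var lo, hi = [3]int{3, 0, 0}, [3]int{3, 3, 4}

// parseVersion reads the numeric core of "vX.Y.Z"; anything after the
// patch number ("-rc1", "+incompatible") is left out of the comparison.
func parseVersion(v string) (out [3]int, ok bool) {
	n, err := fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, err == nil && n == 3
}

// less reports whether version a sorts strictly before version b.
func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// AffectedVersion scans go.mod text (hypothetical helper) and returns the
// pinned version of the module if it is in the affected range, else "".
func AffectedVersion(goMod string) string {
	for _, raw := range strings.Split(goMod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == modulePath {
			if v, ok := parseVersion(f[1]); ok && !less(v, lo) && !less(hi, v) {
				return f[1]
			}
		}
	}
	return ""
}

func main() {
	sample := "module example.com/app\n\nrequire github.com/minio/pkg/v3 v3.1.2\n" // constructed
	fmt.Printf("affected version: %q\n", AffectedVersion(sample))
}
```

An empty result means go.mod does not pin the module inside the affected range; it does not inspect vendored copies or `replace` targets.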