ET WEB_SPECIFIC_APPS MinIO Information Disclosure Attempt (CVE-2023-28432)

SID: 2047923Rev: 18 viewsHistory

Sourceet/open

CreatedSeptember 5, 2023

UpdatedSeptember 5, 2023

Classificationattempted-admin

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS MinIO Information Disclosure Attempt (CVE-2023-28432)"; flow:established, to_server; http.method; content:"POST"; http.uri; content:"/minio/bootstrap/v1/verify"; fast_pattern; reference:url,www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services; reference:cve,2023-28432; classtype:attempted-admin; sid:2047923; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2023_09_05, cve CVE_2023_28432, deployment Perimeter, deployment SSLDecrypt, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2023_09_05, reviewed_at 2024_10_02, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)

References

url	www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services
cve	2023-28432

Metadata

affected productWeb_Server_Applications

attack targetWeb_Server

created at2023_09_05

cveCVE-2023-28432

deploymentSSLDecrypt

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2023_09_05

reviewed at2024_10_02

mitre tactic idTA0007

mitre tactic nameDiscovery

mitre technique idT1082

mitre technique nameSystem_Information_Discovery

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!