ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)

SID: 2047924Rev: 18 viewsHistory

Sourceet/open

CreatedSeptember 5, 2023

UpdatedSeptember 5, 2023

Classificationattempted-admin

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|22|MINIO_ROOT_PASSWORD"; fast_pattern; content:"|22|MINIO_SECRET_KEY|22 3a 22|"; reference:url,www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services; reference:cve,2023-28432; classtype:attempted-admin; sid:2047924; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2023_09_05, cve CVE_2023_28432, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2023_09_05, reviewed_at 2023_09_05, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:src_ip;)

References

url	www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services
cve	2023-28432

Metadata

affected productWeb_Server_Applications

attack targetWeb_Server

created at2023_09_05

cveCVE-2023-28432

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

tagCISA_KEV

updated at2023_09_05

reviewed at2023_09_05

mitre tactic idTA0007

mitre tactic nameDiscovery

mitre technique idT1082

mitre technique nameSystem_Information_Discovery

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!