{"id":"CVE-2020-11012","details":"MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z.","aliases":["BIT-minio-2020-11012"],"modified":"2026-03-15T21:57:02.152031Z","published":"2020-04-23T22:15:12.833Z","related":["CGA-846x-44xp-j5v4","GHSA-xv4r-vccv-mg4w"],"references":[{"type":"ADVISORY","url":"https://github.com/minio/minio/pull/9422"},{"type":"ADVISORY","url":"https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z"},{"type":"FIX","url":"https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923"},{"type":"FIX","url":"https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/minio/minio","events":[{"introduced":"0"},{"fixed":"6817c5ea58fbc7975e96d2af7801d358a7d4ede4"},{"fixed":"4cd6ca02c7957aeb2de3eede08b0754332a77923"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2020-04-23t00-58-49z"}]}}],"versions":["OFFICIAL.2016-02-08T00-12-28Z","RELEASE.2016-03-11T03-45-50Z","RELEASE.2016-03-21T21-08-51Z","RELEASE.2016-04-14T18-38-10Z","RELEASE.2016-06-03T19-32-05Z","RELEASE.2016-07-13T21-46-05Z","RELEASE.2016-08-16T23-19-45Z","RELEASE.2016-08-21T02-44-47Z","RELEASE.2016-09-11T17-42-18Z","RELEASE.2016-12-12T18-35-43Z","RELEASE.2016-12-12T23-44-33Z","RELEASE.2016-12-13T17-19-42Z","RELEASE.2017-08-05T00-00-53Z","RELEASE.2017-09-29T19-16-56Z","RELEASE.2017-10-27T18-59-02Z","RELEASE.2017-11-22T19-55-46Z","RELEASE.2017-12-28T01-21-00Z","RELEASE.2018-01-02T23-07-00Z","RELEASE.2018-01-18T20-33-21Z","RELEASE.2018-02-09T22-40-05Z","RELEASE.2018-03-12T21-25-28Z","RELEASE.2018-03-16T22-52-12Z","RELEASE.2018-03-19T19-22-06Z","RELEASE.2018-03-28T23-45-53Z","RELEASE.2018-03-30T00-38-44Z","RELEASE.2018-04-04T05-20-54Z","RELEASE.2018-04-12T23-41-09Z","RELEASE.2018-04-19T22-54-58Z","RELEASE.2018-04-27T23-33-52Z","RELEASE.2018-05-04T23-13-12Z","RELEASE.2018-05-10T00-00-42Z","RELEASE.2018-05-11T00-29-24Z","RELEASE.2018-05-16T23-35-33Z","RELEASE.2018-05-25T19-49-13Z","RELEASE.2018-06-07T19-10-07Z","RELEASE.2018-06-08T03-49-38Z","RELEASE.2018-06-09T03-43-35Z","RELEASE.2018-06-22T23-48-46Z","RELEASE.2018-06-29T02-11-29Z","RELEASE.2018-07-10T01-42-11Z","RELEASE.2018-07-13T00-09-07Z","RELEASE.2018-07-23T18-34-49Z","RELEASE.2018-07-31T02-11-47Z","RELEASE.2018-08-02T23-11-36Z","RELEASE.2018-08-18T03-49-57Z","RELEASE.2018-08-21T00-37-20Z","RELEASE.2018-08-25T01-56-38Z","RELEASE.2018-09-01T00-38-25Z","RELEASE.2018-09-11T01-39-21Z","RELEASE.2018-09-12T18-49-56Z","RELEASE.2018-09-25T21-34-43Z","RELEASE.2018-10-05T01-03-03Z","RELEASE.2018-10-06T00-15-16Z","RELEASE.2018-10-18T00-28-58Z","RELEASE.2018-10-25T01-27-03Z","RELEASE.2018-11-06T01-01-02Z","RELEASE.2018-11-15T01-26-07Z","RELEASE.2018-11-17T01-23-48Z","RELEASE.2018-11-22T02-51-56Z","RELEASE.2018-11-30T03-56-59Z","RELEASE.2018-12-06T01-27-43Z","RELEASE.2018-12-13T02-04-19Z","RELEASE.2018-12-19T23-46-24Z","RELEASE.2018-12-27T18-33-08Z","RELEASE.2019-01-10T00-21-20Z","RELEASE.2019-01-16T21-44-08Z","RELEASE.2019-01-23T23-18-58Z","RELEASE.2019-01-31T00-31-19Z","RELEASE.2019-02-06T21-16-36Z","RELEASE.2019-02-12T21-58-47Z","RELEASE.2019-02-14T00-21-45Z","RELEASE.2019-02-20T22-44-29Z","RELEASE.2019-02-26T19-51-46Z","RELEASE.2019-03-06T22-47-10Z","RELEASE.2019-03-13T21-59-47Z","RELEASE.2019-03-20T22-38-47Z","RELEASE.2019-03-27T22-35-21Z","RELEASE.2019-04-04T18-31-46Z","RELEASE.2019-04-09T01-22-30Z","RELEASE.2019-04-18T01-15-57Z","RELEASE.2019-04-18T21-44-59Z","RELEASE.2019-04-23T23-50-36Z","RELEASE.2019-05-02T19-07-09Z","RELEASE.2019-05-14T23-57-45Z","RELEASE.2019-05-23T00-29-34Z","RELEASE.2019-06-01T03-46-14Z","RELEASE.2019-06-04T01-15-58Z","RELEASE.2019-06-11T00-44-33Z","RELEASE.2019-06-13T01-41-13Z","RELEASE.2019-06-15T23-07-18Z","RELEASE.2019-06-19T18-24-42Z","RELEASE.2019-06-27T21-13-50Z","RELEASE.2019-07-05T21-20-21Z","RELEASE.2019-07-10T00-34-56Z","RELEASE.2019-07-17T22-54-12Z","RELEASE.2019-07-24T02-02-23Z","RELEASE.2019-07-31T18-57-56Z","RELEASE.2019-08-01T22-18-54Z","RELEASE.2019-08-07T01-59-21Z","RELEASE.2019-08-14T20-37-41Z","RELEASE.2019-08-21T19-40-07Z","RELEASE.2019-08-29T00-25-01Z","RELEASE.2019-09-05T23-24-38Z","RELEASE.2019-09-11T19-53-16Z","RELEASE.2019-09-18T21-55-05Z","RELEASE.2019-09-25T18-25-51Z","RELEASE.2019-09-26T19-42-35Z","RELEASE.2019-10-02T21-19-38Z","RELEASE.2019-10-11T00-38-09Z","RELEASE.2019-10-12T01-39-57Z","RELEASE.2019-12-17T23-16-33Z","RELEASE.2019-12-19T22-52-26Z","RELEASE.2019-12-24T23-04-45Z","RELEASE.2019-12-30T05-45-39Z","RELEASE.2020-01-03T19-12-21Z","RELEASE.2020-01-16T03-05-44Z","RELEASE.2020-01-16T22-40-29Z","RELEASE.2020-01-25T02-50-51Z","RELEASE.2020-02-07T04-56-50Z","RELEASE.2020-02-07T23-28-16Z","RELEASE.2020-02-20T22-51-23Z","RELEASE.2020-02-27T00-23-05Z","RELEASE.2020-03-05T01-04-19Z","RELEASE.2020-03-06T22-23-56Z","RELEASE.2020-03-09T18-26-53Z","RELEASE.2020-03-14T02-21-58Z","RELEASE.2020-03-19T21-49-00Z","RELEASE.2020-03-25T07-03-04Z","RELEASE.2020-04-02T21-34-49Z","RELEASE.2020-04-04T05-39-31Z","RELEASE.2020-04-10T03-34-42Z","RELEASE.2020-04-15T00-39-01Z","RELEASE.2020-04-15T19-42-18Z","RELEASE.2020-04-22T00-11-12Z","release-1434511043"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11012.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}