Auto Generated CVE annotations [Thu Mar 23 17:03:39 UTC 2023] 🤖

cves/2023/CVE-2023-28432.yaml

@@ -5,20 +5,20 @@ info:
   severity: high
   description: |
     Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
-  remediation: All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z
   reference:
     - https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
     - https://github.com/minio/minio/pull/16853/files
     - https://github.com/golang/vulndb/issues/1667
     - https://github.com/CVEProject/cvelist/blob/master/2023/28xxx/CVE-2023-28432.json
+  remediation: All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2023-28432
     cwe-id: CWE-200
   metadata:
-    verified: "true"
     shodan-query: title:"Minio Console"
+    verified: "true"
   tags: cve,cve2023,minio,console
 requests:
   - raw: