From 1d6f843c95a81452f5045cc4681af708333c32b6 Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Thu, 23 Mar 2023 17:03:39 +0000
Subject: [PATCH] Auto Generated CVE annotations [Thu Mar 23 17:03:39 UTC 2023]
 :robot:

---
 cves/2023/CVE-2023-28432.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cves/2023/CVE-2023-28432.yaml b/cves/2023/CVE-2023-28432.yaml
index ca48d52d72..d817ea339e 100644
--- a/cves/2023/CVE-2023-28432.yaml
+++ b/cves/2023/CVE-2023-28432.yaml
@@ -5,20 +5,20 @@ info:
   severity: high
   description: |
     Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
-  remediation: All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z
   reference:
     - https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
     - https://github.com/minio/minio/pull/16853/files
     - https://github.com/golang/vulndb/issues/1667
     - https://github.com/CVEProject/cvelist/blob/master/2023/28xxx/CVE-2023-28432.json
+  remediation: All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2023-28432
     cwe-id: CWE-200
   metadata:
-    verified: "true"
     shodan-query: title:"Minio Console"
+    verified: "true"
   tags: cve,cve2023,minio,console
 requests:
   - raw: