"details": "### Impact\n\n_What kind of vulnerability is it? Who is impacted?_\n\nA path traversal vulnerability in MinIO's `ReadMultiple` internode storage-REST\nendpoint allows a caller holding the cluster root JWT to read files from\noutside the configured drive roots, bounded only by the MinIO process UID.\n\nDistributed-erasure (multi-node) MinIO deployments are impacted. Single-node\nstandalone deployments do not register the route and are not affected. The\nattack requires an HS512 JWT signed with `MINIO_ROOT_PASSWORD` and carrying\n`accessKey = MINIO_ROOT_USER` — the same secret every peer in the cluster\nholds to authenticate internode traffic, so a compromised peer or any actor in\npossession of the root credential can mint one.\n\nThe `ReadMultiple` handler (`cmd/storage-rest-server.go`) decodes a msgpack\n`ReadMultipleReq` body containing `Bucket`, `Prefix`, and `Files` fields and\nforwards them to `xlStorage.ReadMultiple` (`cmd/xl-storage.go`) without\nvalidation:\n\n```go\nvolumeDir := pathJoin(s.drivePath, req.Bucket) // traversal resolves here\nfor _, f := range req.Files {\n fullPath := pathJoin(volumeDir, req.Prefix, f)\n data, mt, err = s.readAllDataWithDMTime(ctx, req.Bucket, volumeDir, fullPath)\n}\n```\n\n`pathJoin` calls `path.Clean`, which resolves `..` components and produces an\nabsolute path anywhere on the filesystem — it is not a root jail. The global\n`setRequestValidityMiddleware` rejects `..` in `r.URL.Path` and `r.Form` but\ndoes not inspect request bodies, so msgpack-encoded traversal bypasses it.\nSibling storage methods (`StatInfoFile`, `ReadFileHandler`, `ReadVersion`)\nvalidate their volume argument through `s.getVolDir(volume)`, which rejects\n`..`; `ReadMultiple` skips this call.\n\nThe attacker sends `POST /minio/storage/{drivePath}/v63/rmpl` with a\nmsgpack-encoded body carrying `../` sequences in the `Bucket` field. The\nserver opens the resulting path via `os.OpenFile` with `O_RDONLY|O_NOATIME`\nand returns its contents in the msgpack response stream.\n\n**Impact by deployment:**\n\n- **Bare-metal with `User=minio` in the systemd unit** — the `O_NOATIME`\n ownership check bounds the read to files owned by the MinIO UID. Reachable\n secrets include TLS private keys, KMS/KES key material, systemd credentials,\n and data belonging to other tenants sharing the same UID on the host.\n Secrets leaked this way persist across cluster credential rotation.\n\n- **Containerized running as UID 0** (the historical default for the official\n Docker image, `docker-compose` examples, and Helm charts without\n `securityContext.runAsNonRoot`) — the primitive escalates to arbitrary\n host-filesystem disclosure: `/etc/shadow`, `/root/**`, Kubernetes\n service-account tokens, cloud-init metadata caches.\n\n**Affected components:** `cmd/storage-rest-server.go` (`ReadMultiple` handler),\n`cmd/xl-storage.go` (`xlStorage.ReadMultiple`).\n\n**CWE:** CWE-22 (Improper Limitation of a Pathname to a Restricted Directory\n— 'Path Traversal')\n\n**CVSS v4.0 Score:** 6.9 (Medium)\n\n**Vector:** `CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N`\n\n### Affected Versions\n\nAll MinIO releases from `RELEASE.2022-07-24T01-54-52Z` through the final\nrelease of the minio/minio open-source project, `RELEASE.2025-09-07T16-13-09Z`.\n\nThe vulnerability was introduced in commit\n[`f939d1c18`](https://github.com/minio/minio/commit/f939d1c1831c71f4b1c14df6d9cd62b12ccce7a3)\n(\"Independent Multipart Uploads\",\n[PR #15346](https://github.com/minio/minio/pull/15346)), which added the\n`ReadMultiple` storage-REST endpoint as part of the multipart upload\nredesign. The first affected release is `RELEASE.2022-07-24T01-54-52Z`.\n\n### Patches\n\n**Fixed in**: MinIO AIStor `RELEASE.2026-04-14T21-32-45Z` (recommended\nupgrade target). The fix — which removed the `ReadMultiple` handler, the\ncorresponding storage-driver method, the msgpack datatypes, the REST-client\nwrapper, and the route registration — first shipped in **MinIO AIStor\n`RELEASE.2024-10-23T19-38-07Z`**. Every AIStor release from\n`RELEASE.2024-10-23T19-38-07Z` onward is unaffected; users should upgrade to\n`RELEASE.2026-04-14T21-32-45Z` or later to pick up the accumulated fixes and\nimprovements shipped since.\n\n#### Binary Downloads\n\n| Platform | Architecture | Download |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux | amd64 | [minio](https://dl.min.io/aistor/minio/release/linux-amd64/minio) |\n| Linux | arm64 | [minio](https://dl.min.io/aistor/minio/release/linux-arm64/minio) |\n| macOS | arm64 | [minio](https://dl.min.io/aistor/minio/release/darwin-arm64/minio) |\n| macOS | amd64 | [minio](https://dl.min.io/aistor/minio/release/darwin-amd64/minio) |\n| Windows | amd64 | [minio.exe](https://dl.min.io/aistor/minio/release/windows-amd64/minio.exe) |\n\n#### FIPS Binaries\n\n| Platform | Architecture | Download |\n| -------- | ------------ | --------------------------------------------------------------------------- |\n| Linux | amd64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-amd64/minio.fips) |\n| Linux | arm64 | [minio.fips](https://dl.min.io/aistor/minio/release/linux-arm64/minio.fips) |\n\n#### Package Downloads\n\n| Format | Architecture | Download |\n| ------ | ------------ | ----------------------------------------------------------------------------------------------------------------------------------- |\n| DEB | amd64 | [minio_20260414213245.0.0_amd64.deb](https://dl.min.io/aistor/minio/release/linux-amd64/minio_20260414213245.0.0_amd64.deb) |\n| DEB | arm64 | [minio_20260414213245.0.0_arm64.deb](https://dl.min.io/aistor/minio/release/linux-arm64/minio_20260414213245.0.0_arm64.deb) |\n| RPM | amd64 | [minio-20260414213245.0.0-1.x86_64.rpm](https://dl.min.io/aistor/minio/release/linux-amd64/minio-20260414213245.0.0-1.x86_64.rpm) |\n| RPM | arm64 | [minio-20260414213245.0.0-1.aarch64.rpm](https://dl.min.io/aistor/minio/release/linux-arm64/minio-20260414213245.0.0-1.aarch64.rpm) |\n\n#### Container Images\n\n```bash\n# Standard\ndocker pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z\npodman pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z\n\n# FIPS\ndocker pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z.fips\npodman pull quay.io/minio/aistor/minio:RELEASE.2026-04-14T21-32-45Z.fips\n```\n\n#### Homebrew (macOS)\n\n```bash\nbrew install minio/aistor/minio\n```\n\n### Workarounds\n\n- [Users of the open-source `minio/minio` project should upgrade to MinIO AIStor `RELEASE.2026-04-14T21-32-45Z` or later.](https://docs.min.io/enterprise/aistor-object-store/upgrade-aistor-server/community-edition/)\n\nIf upgrading is not immediately possible:\n\n- **Rotate the root credential and restrict who holds it.** The exploit\n requires a JWT signed with `MINIO_ROOT_PASSWORD`. Treat the root credential\n as the host-filesystem disclosure primitive that it is: rotate it after any\n suspected exposure, store it only in the secret manager that bootstraps the\n cluster, and do not hand it to applications or operators who only need\n object-level access.\n\n- **Do not run the MinIO container as UID 0.** Set\n `securityContext.runAsNonRoot: true` (and a non-zero `runAsUser`) in\n Kubernetes manifests, or add `--user` to `docker run`. This reduces the\n blast radius from arbitrary host-filesystem disclosure to MinIO-UID-owned\n files only.\n\n- **Restrict the internode storage-REST port at the network layer.** In\n distributed deployments, the storage-REST route is served on the same port\n as the S3 API by default. Where feasible, use `--internode-port` to expose\n internode traffic on a separate interface reachable only from other cluster\n peers, and block that interface from client networks.\n\n### Credits\n\n- **Finders:** Discovered by Claude, Anthropic's AI assistant, and triaged by\n **Adrian Denkiewicz** at **Doyensec** in collaboration with **Anthropic\n Research**.\n\n### Resources\n\n- Introducing commit: [`f939d1c18`](https://github.com/minio/minio/commit/f939d1c1831c71f4b1c14df6d9cd62b12ccce7a3)\n ([PR #15346](https://github.com/minio/minio/pull/15346))\n- [CWE-22 — Improper Limitation of a Pathname to a Restricted Directory](https://cwe.mitre.org/data/definitions/22.html)\n- [CVE-2022-35919 — MinIO admin-authenticated path traversal in server-update endpoint (same class, different channel)](https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvg)\n- [MinIO AIStor](https://min.io/aistor)",
0 commit comments