CVE-2024-55949

N/A Unknown
Published: December 16, 2024 Modified: April 15, 2026
View on NVD

Description

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/minio/minio/commit/580d9db85e04f1b63cc2909af50f0ed08afa965f
Source: security-advisories@github.com
https://github.com/minio/minio/commit/f246c9053f9603e610d98439799bdd2a6b293427
Source: security-advisories@github.com
https://github.com/minio/minio/pull/20756
Source: security-advisories@github.com
https://github.com/minio/minio/security/advisories/GHSA-cwq8-g58r-32hg
Source: security-advisories@github.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
54th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-269

Related CVEs

CVE-2026-41304 N/A
CVE-2026-41144 N/A
CVE-2026-41136 N/A
CVE-2026-41135 7.5
CVE-2026-41133 8.8