CVE-2022-35919

Name: CVE-2022-35919
Creator: NVD / NIST
Published: 2022-08-01T22:15:10.28+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 2.7/10EPSS 52.33%

Last modified Jun 17, 2026

CVE-2022-35919 is a low-severity vulnerability rated 2.7/10 on the CVSS scale. MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. EPSS estimates a 52.33% chance of exploitation in the next 30 days.

Description

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.

Metrics

CVSS 3.1

2.7/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

52.33%

98.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Minio	Minio	< 2022-07-29t19-40-48z

References

http://packetstormsecurity.com/files/175010/Minio-2022-07-29T19-40-48Z-Path-Traversal.html
https://github.com/minio/minio/commit/bc72e4226e669d98c8e0f3eccc9297be9251c692Patch, Third Party Advisory
https://github.com/minio/minio/pull/15429Patch, Third Party Advisory
https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvgExploit, Mitigation, Patch, Third Party Advisory
http://packetstormsecurity.com/files/175010/Minio-2022-07-29T19-40-48Z-Path-Traversal.html
https://github.com/minio/minio/commit/bc72e4226e669d98c8e0f3eccc9297be9251c692Patch, Third Party Advisory
https://github.com/minio/minio/pull/15429Patch, Third Party Advisory
https://github.com/minio/minio/security/advisories/GHSA-gr9v-6pcm-rqvgExploit, Mitigation, Patch, Third Party Advisory

Timeline

Published: Aug 1, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-35919?

How severe is CVE-2022-35919?

CVE-2022-35919 has a CVSS score of 2.7/10 (LOW severity). The EPSS model estimates a 52.33% probability of exploitation in the next 30 days.

How do I fix CVE-2022-35919?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-35919?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST