MinIO (a widely-used "high-performance, S3 compatible object store" published this advisory, which allows for unauthenticated overwrites of any file.
Their open-source AGPL repository is no longer maintained and no patch has been provided - you must download the closed-source binaries to get the fix.
This is the write up from my first Google vulnerability which exposed a whole bunch of call logs. It was a fun thing to discover and a nice reminder that even Google isn't infallible to these sorts of breaches.
Their open-source AGPL repository is no longer maintained and no patch has been provided - you must download the closed-source binaries to get the fix.