190 matches found
CVE-2026-21862 RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
EUVD-2026-5219
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
CVE-2026-21862
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
CVE-2026-21862
RustFS had an authorization bypass vulnerability in IP-based access control prior to alpha.78. The get_condition_values logic trusts client-supplied X-Forwarded-For/X-Real-IP without proxy verification, allowing reachable clients to spoof aws:SourceIp and defeat IP allowlists. This can enable una...
RustFS log information leakage vulnerability
RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS from alpha.13 to alpha.81 have a vulnerability related to log information leakage. This vulnerability stems from storing sensitive credentials as plain-text records in application logs, which can lead to...
RustFS security vulnerability
RustFS is a high-performance object storage system developed by RustFS. Versions prior to RustFS alpha.78 contained security vulnerabilities, which stemmed from IP access control bypasses. These vulnerabilities could allow access to systems that meet the requirements of an IP whitelist policy...
PT-2026-6470
Summary: RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive...
PT-2026-6099
Name of the Vulnerable Software and Affected Versions: RustFS versions prior to alpha.78. Description: RustFS, a distributed object storage system, had a flaw in its access control mechanism. Specifically, the get_condition_values function improperly trusted the X-Forwarded-For and X-Real-Ip headers...
PT-2026-6208
Name of the Vulnerable Software and Affected Versions: RustFS versions alpha.13 through alpha.81. Description: RustFS logs sensitive credential material, including access key, secret key, and session token, to application logs at the INFO level. This results in credentials being recorded in plaintex...
CVE-2026-22782
RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...
CVE-2026-22782 RustFS RPC signature verification logs shared secret
RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...
CVE-2026-22782
RustFS (RustFS) vulnerability CVE-2026-22782: an invalid RPC signature path in crates/ecstore/src/rpc/http_auth.rs logs the shared HMAC secret and the expected_signature for any invalidly signed request, exposing the secret to log readers and enabling forged RPC calls. Affected versions are 1.0.0...
GHSA-333V-68XH-8MMQ RustFS's RPC signature verification logs shared secret
Summary: Invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. Details: In crates/ecstore/src/rpc/http_auth.rs:115-122, the invalid signature branch logs sensitive data: rs if signature !=...
Rustfs log information leakage vulnerability
RustFS is a high-performance object storage system developed by RustFS. Versions 1.0.0-alpha.1 to 1.0.0-alpha.79 of RustFS contain a vulnerability related to log information leakage. This vulnerability arises from invalid RPC signatures, which allow the server to record shared HMAC keys,...
PT-2026-3260
Name of the Vulnerable Software and Affected Versions: RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79. Description: RustFS is a distributed object storage system built in Rust. Invalid RPC signatures cause the server to log the shared HMAC secret and the expected signature. This exposes the...