2 matches found
PT-2026-52966
Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...
GHSA-4XRH-5M3M-328W @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies
Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some admin-equivalent policy paths could pass policy evaluation. Patched in 1.3.2: the validator inspects the affected policy shapes and includes...