Lucene search
K

5 matches found

OSV
OSV
added 2026/04/08 12:15 a.m.6 views

GHSA-MX42-J6WV-PX98 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...

5.3CVSS5.8AI score0.00201EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/08 12:15 a.m.7 views

RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenan...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/07 6:58 p.m.19 views

CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

5.3CVSS0.00201EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:58 p.m.2 views

CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 6:58 p.m.22 views

CVE-2026-39360

RustFS contains an authorization bypass in the multipart copy path (UploadPartCopy) prior to alpha.90. A low-privileged user who cannot read objects from a victim bucket can exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload, breaking ...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder