Lucene search
+L

4 matches found

github
github
added 2026/01/08 8:36 p.m.14 views

RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

Summary The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions creating/updating users, groups, policies, and...

8.8CVSS7.1AI score0.00392EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/01/08 8:36 p.m.6 views

GHSA-VCWH-PFF9-64CC RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

Summary The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions creating/updating users, groups, policies, and...

7.1CVSS5.8AI score0.00392EPSS
Exploits1References3
cve
cve
added 2026/01/08 2:58 p.m.22 views

CVE-2026-22042

CVE-2026-22042 / RustFS : Prior to 1.0.0-alpha.79, the ImportIam admin API validates permissions with ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Importing IAM data can create or modify users, groups, policies, an...

8.8CVSS6.5AI score0.00392EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/01/08 12:0 a.m.13 views

PT-2026-2143

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.79 Description RustFS is a distributed object storage system built in Rust. The ImportIam API endpoint incorrectly validates permissions using ExportIAMAction instead of ImportIAMAction. This allows a...

7.1CVSS6.7AI score0.00392EPSS
Exploits1References4
Rows per page
Query Builder