2 matches found
CVE-2026-55838
CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...
PT-2022-16885 · Pomerium · Pomerium
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to v0.17.1 Description: Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak...