4 matches found
CVE-2026-40937 RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any...
CVE-2026-40937
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any...
GHSA-PFCQ-4GJR-6GJM RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks
Missing Admin Auth on Notification Target Endpoints in RustFS Finding Summary All four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any admin-action...
RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks
Missing Admin Auth on Notification Target Endpoints in RustFS Finding Summary All four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a checkpermissions helper that validates authentication only access key + session token, without performing any admin-action...