3 matches found
CVE-2026-22782
RustFS is a distributed object storage system built in Rust. From = 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...
CVE-2026-22782
RustFS (RustFS) vulnerability CVE-2026-22782: an invalid RPC signature path in crates/ecstore/src/rpc/http_auth.rs logs the shared HMAC secret and the expected_signature for any invalidly signed request, exposing the secret to log readers and enabling forged RPC calls. Affected versions are 1.0.0...
GHSA-333V-68XH-8MMQ RustFS's RPC signature verification logs shared secret
Summary Invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. Details In crates/ecstore/src/rpc/httpauth.rs:115-122 , the invalid signature branch logs sensitive data: rs if signature !=...