Vulnerabilities in rustfs
20 results

CVE-2025-68926 | CRITICAL | RustFS has a gRPC Hardcoded Token Authentication Bypass | EPSS 29.0%
CVE-2025-68705 | HIGH | RustFS Path Traversal Vulnerability | EPSS 6.6%
CVE-2026-27822 | CRITICAL | Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover | EPSS 6.0%
CVE-2026-22782 | LOW | RustFS RPC signature verification logs shared secret | EPSS 0.5%
CVE-2026-22042 | MEDIUM | RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation | EPSS 0.4%
CVE-2026-22043 | MEDIUM | RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting | EPSS 0.4%
CVE-2026-45044 | HIGH | RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers | EPSS 0.3%
CVE-2026-47136 | MEDIUM | RustFS: Unauthenticated RustFS console license endpoint exposes license metadata | EPSS 0.3%
CVE-2026-40937 | HIGH | RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks | EPSS 0.3%
CVE-2025-69255 | MEDIUM | RustFS gRPC GetMetrics deserialization panic enables remote DoS | EPSS 0.3%
CVE-2026-45039 | CRITICAL | RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation | EPSS 0.3%
CVE-2026-27607 | HIGH | RustFS's Missing Post Policy Validation leads to Arbitrary Object Write | EPSS 0.3%
CVE-2026-24762 | MEDIUM | RustFS Logs Sensitive Credentials in Plaintext | EPSS 0.2%
CVE-2026-45041 | HIGH | RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery | EPSS 0.2%
CVE-2026-45043 | CRITICAL | RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root | EPSS 0.2%
CVE-2026-21862 | HIGH | RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers | EPSS 0.2%
CVE-2026-45042 | HIGH | RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source | EPSS 0.2%
CVE-2026-39360 | MEDIUM | RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration | EPSS 0.2%
CVE-2026-45040 | MEDIUM | RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode] | EPSS 0.2%
CVE-2026-46685 | MEDIUM | RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console | EPSS 0.1%