CNNVD-202512-5096 Information

CNNVD ID

CNNVD-202512-5096

Related CVE

CVE-2025-68926

• CNNVD Published: 2025-12-30

Description (Chinese)

rustfs是RustFS开源的一个高性能对象存储系统。 rustfs 1.0.0-alpha.77之前版本存在信任管理问题漏洞，该漏洞源于使用硬编码静态令牌进行gRPC身份验证，可能导致数据破坏、策略操纵和集群配置更改等特权操作。

Description (English)

Rustfs is a high performance object storage system for RustFS open sources. A trust management gap existed in the previous version of rustfs 1.0.0-alpha.77, which stemmed from the use of hard-coded static tokens for gRPC authentication, which could lead to privileged operations such as data sabotage, tactical manipulation and cluster configuration changes.

Hazard Level

Low

Vulnerability Type

信任管理问题

Affected Vendor

RustFS

Published

2025-12-30

Last Modified

2026-02-24

References

https://github.com/rustfs/rustfs/security/advisories/GHSA-h956-rh7x-ppgj https://access.redhat.com/security/cve/cve-2025-68926

Patch

https://rustfs.com/download/