CNNVD-202601-2733 Information
CNNVD ID
CNNVD-202601-2733
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
rustfs是RustFS开源的一个高性能对象存储系统。 RustFS 1.0.0-alpha.1版本至1.0.0-alpha.79版本存在日志信息泄露漏洞,该漏洞源于无效RPC签名导致服务器记录共享HMAC密钥,可能导致伪造RPC调用。
Description (English)
Rustfs is a high performance object storage system for RustFS open sources. RustFS 1.0.0-alpha.1 to 1.0.0-alpha.79 contains a log information leak that originates from invalid RPC signatures, resulting in the sharing of HMAC keys for server records, which may lead to the falsification of RPC calls.
Hazard Level
High
Vulnerability Type
日志信息泄露
Affected Vendor
RustFS
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/rustfs/rustfs/blob/9e162b6e9ebb874cc1d06a7b33bc4a05786578aa/crates/ecstore/src/rpc/ https://github.com/rustfs/rustfs/commit/6b2eebee1d07399ef02c0863bd515b4412a5a560 https://github.com/rustfs/rustfs/security/advisories/GHSA-333v-68xh-8mmq https://access.redhat.com/security/cve/cve-2026-22782
Patch
https://github.com/rustfs/rustfs/tags
Share on: