CVE-2026-45040

Sažetak

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensitive credentials including SessionToken (JWT), SecretAccessKey, and full JWT claims are printed in plaintext to the server logs. This vulnerability is fixed in 1.0.0-beta.2.

Reference

https://github.com/rustfs/rustfs/security/advisories/GHSA-8cm2-h255-v749
https://github.com/rustfs/rustfs/security/advisories/GHSA-8cm2-h255-v749

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

02-06-2026 - 14:16

Objavljeno

28-05-2026 - 19:16