pkg:crates.io/rustfs

12 CVEs in total: CRITICAL 2, HIGH 2, MEDIUM 1

All known vulnerabilities

  • CRITICAL 9.8 CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass
    >= 1.0.0-alpha.13, < 1.0.0-alpha.78
  • CRITICAL 9.0 CVE-2026-27822 Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
    from 0, < 1.0.0-alpha.83
  • HIGH 8.3 CVE-2026-40937 RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks
    from 0, <= 0.0.2
  • HIGH 8.1 CVE-2026-27607 RustFS: Missing Post Policy Validation leads to Arbitrary Object Write
    >= 1.0.0-alpha.56, < 1.0.0-alpha.83
  • MEDIUM 4.3 CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration
    from 0, <= 0.0.2
  • CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext
    >= 1.0.0-alpha.13, < 1.0.0-alpha.82
  • CVE-2026-21862 RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
    from 0, < 1.0.0-alpha.78
  • CVE-2026-22782 RustFS's RPC signature verification logs shared secret
    >= 1.0.0-alpha.1, < 1.0.0-alpha.80
  • CVE-2026-22043 RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting
    >= 1.0.0-alpha.13, < 1.0.0-alpha.79
  • CVE-2026-22042 RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation
    from 0, < 1.0.0-alpha.79
  • CVE-2025-69255 RustFS gRPC GetMetrics deserialization panic enables remote DoS
    >= 1.0.0-alpha.13, < 1.0.0-alpha.78
  • CVE-2025-68705 RustFS Path Traversal Vulnerability
    >= 1.0.0-alpha.13, < 1.0.0-alpha.79