📦 Rustfs

by Rustfs


🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2026-27822

CRITICAL CVSS 9.0 Feb 25, 2026

A stored cross-site scripting (XSS) vulnerability in RustFS Console allows attackers to inject malicious JavaScript that executes when administrators view the management console. This enables credenti...

CVE-2026-22043

CRITICAL CVSS 9.8 Jan 8, 2026

A privilege escalation vulnerability in RustFS IAM allows restricted service accounts or STS credentials to self-issue unrestricted service accounts with full parent privileges. This bypasses session ...

CVE-2025-68705

CRITICAL CVSS 9.8 Jan 7, 2026

CVE-2025-68705 is a path traversal vulnerability in RustFS's /rustfs/rpc/read_file_stream endpoint that allows attackers to read arbitrary files on the server filesystem. This affects RustFS versions ...

CVE-2025-68926

CRITICAL CVSS 9.8 Dec 30, 2025

This vulnerability allows attackers to bypass authentication in RustFS by using a hardcoded static token that is publicly exposed in the source code. Any attacker with network access to the gRPC port ...

CVE-2026-27607

HIGH CVSS 8.1 Feb 25, 2026

This vulnerability in RustFS allows attackers to bypass upload policy restrictions in presigned POST uploads, enabling unauthorized file uploads that exceed size limits, target arbitrary locations, an...

CVE-2026-24762

HIGH CVSS 7.5 Feb 3, 2026

RustFS versions alpha.13 through alpha.81 log sensitive AWS credentials (access keys, secret keys, session tokens) in plaintext at INFO level. This allows anyone with access to application logs to ste...

CVE-2026-21862

HIGH CVSS 7.5 Feb 3, 2026

This vulnerability allows attackers to bypass IP-based access controls in RustFS by spoofing their IP address using HTTP headers. Any client that can reach the RustFS service can impersonate allowed I...

CVE-2026-22782

HIGH CVSS 7.5 Jan 16, 2026

RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79 log the shared HMAC secret when invalid RPC signatures are received. This exposes the secret to anyone with log access, enabling attackers to forge...

CVE-2026-22042

HIGH CVSS 8.8 Jan 8, 2026

This vulnerability in RustFS allows a principal with export-only IAM permissions to perform import operations, leading to unauthorized creation or modification of users, groups, policies, and service ...

CVE-2025-69255

MEDIUM CVSS 4.0 Jan 7, 2026

A malformed gRPC GetMetrics request can cause RustFS to panic and crash the handler thread, enabling remote denial of service attacks against the metrics endpoint. This affects RustFS versions 1.0.0-a...