7.5

CVE-2026-24762

RustFS Logs Sensitive Credentials in Plaintext

RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This issue has been patched in version alpha.82.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RustfsRustfs Version1.0.0 Updatealpha13 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha14 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha15 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha16 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha17 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha18 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha19 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha20 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha21 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha22 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha23 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha24 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha25 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha26 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha27 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha28 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha29 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha30 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha31 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha32 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha33 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha34 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha35 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha36 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha37 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha38 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha39 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha40 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha41 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha42 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha43 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha44 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha45 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha46 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha47 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha48 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha49 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha50 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha51 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha52 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha53 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha54 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha55 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha56 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha57 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha58 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha59 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha60 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha61 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha62 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha63 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha64 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha65 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha66 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha67 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha68 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha69 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha70 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha71 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha72 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha73 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha74 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha75 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha76 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha77 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha78 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha79 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha80 SwPlatformrust
RustfsRustfs Version1.0.0 Updatealpha81 SwPlatformrust
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.154
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr
Vendor Advisory