PT-2026-44468 · Rustfs · Rustfs
Chenshi5012 · Published 2026-05-28 · Updated 2026-05-28 · CVE-2026-45040
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
RustFS versions prior to 1.0.0-beta.2
Description
RustFS is a distributed object storage system built in Rust. Affected versions leak sensitive information in log output. When the server is operated with the RUST_LOG variable set to debug, sensitive credentials such as SessionToken (JSON Web Token), SecretAccessKey, and full JWT claims are printed in plaintext to the server logs.
Recommendations
Update to version 1.0.0-beta.2.
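A log-triage check for the exposure described above, as an added example (not RustFS code and not part of the original advisory): it flags and redacts SessionToken, SecretAccessKey and JWT-shaped values in log lines, and tests whether a RUST_LOG value enables debug output. The key/value layouts, the sample lines and the function names are assumptions constructed for illustration.

```python
import re

# Field names come from the advisory; the key/value layouts matched here
# (Name: "v", "name":"v", name=v) are assumptions about how a log might show them.
FIELD_RE = re.compile(
    r'(?P<pre>"?(?P<name>session_?token|secret_?access_?key)"?\s*[:=]\s*"?)'
    r'(?P<val>[^\s",}]+)',
    re.IGNORECASE,
)
# A compact JWT is three base64url segments; a JSON header encodes to "eyJ...".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def rust_log_is_verbose(value):
    """True if any RUST_LOG directive (e.g. 'info,my_crate=debug') enables debug or trace."""
    levels = [d.rsplit("=", 1)[-1].strip().lower() for d in value.split(",")]
    return any(level in ("debug", "trace") for level in levels)


def scan_line(line):
    """Return (findings, redacted_line) for one log line."""
    findings = []

    def redact_field(m):
        findings.append(m.group("name"))
        return m.group("pre") + "[REDACTED]"

    def redact_jwt(m):
        findings.append("jwt")
        return "[REDACTED-JWT]"

    # Named fields first, so a token inside SessionToken is reported once.
    redacted = FIELD_RE.sub(redact_field, line)
    redacted = JWT_RE.sub(redact_jwt, redacted)
    return findings, redacted


# Constructed sample lines, not real RustFS output.
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"
SAMPLE_LOG = [
    'DEBUG example: creds { SecretAccessKey: "constructed-secret", SessionToken: "%s" }' % SAMPLE_JWT,
    "DEBUG example: validating bearer token " + SAMPLE_JWT,
    "INFO example: listed bucket demo",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(*scan_line(raw))
```

Any finding in logs written while debug logging was on means the affected keys and session tokens should be treated as exposed and rotated.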
Exploit
Fix
Cleartext Storage of Sensitive Information
Insertion into Log File
Affected Products
Rustfs