Vulnerability Information
Vulnerability Title
RustFS RPC signature verification logs shared secret
Vulnerability Description
RustFS is a distributed object storage system built in Rust. In versions >= 1.0.0-alpha.1 through 1.0.0-alpha.79, a request with an invalid RPC signature causes the server to log the shared HMAC secret (and the expected signature), which exposes the secret to anyone who can read the logs and enables forged RPC calls. The invalid-signature branch in crates/ecstore/src/rpc/http_auth.rs logs sensitive data: the log line includes secret and expected_signature, both derived from the shared HMAC key. Any invalidly signed request triggers this path, and the function is reachable from RPC and admin request handlers. This vulnerability is fixed in 1.0.0-alpha.80.
CVSS Information
N/A
Vulnerability Type
Information exposure through log files
Vulnerability Title
rustfs log information disclosure vulnerability
Vulnerability Description
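rustfs is a high-performance object storage system open-sourced by RustFS. RustFS versions 1.0.0-alpha.1 through 1.0.0-alpha.79 contain a log information disclosure vulnerability. It stems from invalid RPC signatures causing the server to log the shared HMAC secret, which may lead to forged RPC calls.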
CVSS Information
N/A
Vulnerability Type
N/A
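Added example (not RustFS code, and written in Python rather than Rust so it runs with the standard library alone): the failure branch described above next to a hardened one, with a small harness that captures what each logs for one badly signed request. The function names, logger name, message layout and sample secret are assumptions made for this illustration.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("rpc_auth_demo")  # hypothetical logger name
log.propagate = False                     # keep demo output inside our handler

def expected_sig(secret: bytes, method: str, path: str, ts: str) -> str:
    # Assumed message layout; the page does not show the real RustFS format.
    msg = f"{method}|{path}|{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify_leaky(secret, method, path, ts, sig) -> bool:
    """Mirrors the flaw: the failure branch logs the key and the valid MAC."""
    expected = expected_sig(secret, method, path, ts)
    if sig != expected:
        log.error("invalid signature: secret=%s expected_signature=%s got=%s",
                  secret.decode(), expected, sig)
        return False
    return True

def verify_hardened(secret, method, path, ts, sig) -> bool:
    """Constant-time compare; the failure branch logs request metadata only."""
    expected = expected_sig(secret, method, path, ts)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        log.warning("invalid RPC signature: method=%s path=%s ts=%s",
                    method, path, ts)
        return False
    return True

class Capture(logging.Handler):
    """Collects formatted log messages in memory."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def failure_log(verify, secret: bytes) -> str:
    """Run one badly signed request through `verify`; return what was logged."""
    cap = Capture()
    log.addHandler(cap)
    try:
        verify(secret, "PUT", "/rpc/demo", "1700000000", "00" * 32)
    finally:
        log.removeHandler(cap)
    return "\n".join(cap.lines)

if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed sample value
    print(failure_log(verify_leaky, demo_secret))
    print(failure_log(verify_hardened, demo_secret))
```

The same capture-and-assert pattern works as a regression test: fail the build if any log line emitted on the rejection path contains the key or the expected MAC.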