Count: 2
CVE-2026-22042
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions (creating/updating users, groups, policies, and service accounts), this can lead to unauthorized IAM modification and privilege escalation. Version 1.0.0-alpha.79 fixes the issue.
GHSA-vcwh-pff9-64cc
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2026-22042 RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions (creating/updating users, groups, policies, and service accounts), this can lead to unauthorized IAM modification and privilege escalation. Version 1.0.0-alpha.79 fixes the issue. | CVSS3: 8.8 | 0% Low | about 1 month ago |
| GHSA-vcwh-pff9-64cc RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation | | 0% Low | about 1 month ago |