漏洞概述 漏洞名称: Authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration (multipart UploadPartCopy 中的授权绕过导致跨桶对象泄露) 漏洞描述: RustFS 在 multipart copy path (UploadPartCopy) 中存在缺失的授权检查。低权限用户可以将受害者桶中的对象复制到攻击者控制的 multipart upload 中并上传,从而窃取数据。这破坏了多租户环境中的租户隔离。 影响: 未经授权的跨桶/跨租户数据泄露 (机密性:High)。攻击者只需在源桶上有 minimal permissions (如 ListObjects, HeadObject, GetObject),或者在目标桶上有 minimal permissions (如 CreateMultipartUpload, UploadPart, UploadPartCopy, CompleteMultipartUpload, PutObject/GetObject),就可以窃取数据。 影响范围 受影响版本: 从 commit 到 以及包含这些 commit 的任何发布版本。 包版本 (Cargo metadata): crate version in this tree: 修复方案 建议实现与 等价的授权检查: upload_part_copy: enforce source GetObject authorization on x-amz-copy-source enforce destination PutObject authorization on the target object (recommended) apply the same tag-condition enforcement used by on the source. complete_multipart_upload: enforce destination PutObject authorization. abort_multipart_upload: enforce appropriate multipart permission (or destination PutObject as a safe boundary). POC 代码/命令 复现步骤 (Steps to Reproduce): 观察到的输出 (Observed PoC Output):**