FIND-20260404-010 · 2026-04-04 · Innovation Veille
RUSTSEC-2023-0125: aws-sigv4 Secret Key Exposure in Debug Output — Assigned April 2, 2026
cve
MEDIUM
RUSTSEC-2023-0125 was formally assigned to the aws-sigv4 Rust crate on April 2, 2026 (CVE-2023-30610). The advisory documents that aws-sigv4 may expose AWS secret access keys in debug output when logging request signing operations. This is a secret leakage vulnerability affecting any Rust service that uses aws-sigv4 for AWS API authentication and enables debug logging in production. The advisory was originally filed in 2023 but received formal RUSTSEC assignment this week.
Source
https://rustsec.org/advisories/RUSTSEC-2023-0125.html
ODS Impact
ODS services running on GCP (not AWS) have low direct exposure. However, if any ODS service uses aws-sigv4 for cross-cloud operations, S3-compatible storage (MinIO, GCS with the AWS SDK), or Redpanda Connect with AWS connectors, secret keys could appear in logs. Audit the Cargo.toml files across all ODS Rust services for an aws-sigv4 dependency. If it is found, ensure debug logging is disabled in production.
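An added example (not part of the original finding or of the aws-sigv4 project): a shell helper that runs the audit described above against Cargo.lock files, because the lockfile also records crates that are pulled in transitively and never named in a service's own Cargo.toml. The `make_sample` helper, the `example-service` crate name and the `0.0.0` version are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report every Cargo.lock below a directory that resolves
# aws-sigv4, together with the locked version.

# scan_lock FILE: print "FILE<TAB>VERSION" for each locked aws-sigv4 package.
scan_lock() {
  awk -v file="$1" '
    /^\[\[package\]\]/ { name = ""; next }   # a new package entry starts
    /^name = /         { gsub(/"/, "", $3); name = $3; next }
    # The lockfile header has its own top-level "version = N" line; it is
    # skipped because no package name has been seen at that point.
    /^version = / && name == "aws-sigv4" {
      gsub(/"/, "", $3); print file "\t" $3; name = ""
    }
  ' "$1"
}

# audit_tree ROOT: scan every Cargo.lock below ROOT, skipping target/ build output.
audit_tree() {
  find "$1" -name target -prune -o -name Cargo.lock -type f -print |
  while IFS= read -r lock; do
    scan_lock "$lock"
  done
}

# make_sample DIR: write a constructed lockfile (hypothetical service, placeholder
# version) in which aws-sigv4 appears as a dependency of example-service.
make_sample() {
  cat > "$1/Cargo.lock" <<'EOF'
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "aws-sigv4"
version = "0.0.0"

[[package]]
name = "example-service"
version = "0.1.0"
dependencies = [
 "aws-sigv4",
]
EOF
}

# Usage: ./audit.sh /path/to/checkouts
if [ "$#" -gt 0 ]; then
  audit_tree "$1"
fi
```

Any line of output names a service whose build includes the crate; compare the reported version against the advisory at the Source link and check that service's production log level.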
Security Review
N/A
Tags
rust
rustsec
aws
secret-leak
cve
supply-chain
logging