Wiz
Vulnerability DatabaseRUSTSEC-2022-0062

RUSTSEC-2022-0062
Rust vulnerability analysis and mitigation

Overview

The vulnerability (RUSTSEC-2022-0062) was identified in the Matrix Rust SDK where access tokens were being logged in multiple places throughout the codebase. This security issue was discovered and reported on October 14, 2022, affecting the Matrix-org Rust SDK implementation (Matrix Issue).

Technical details

The vulnerability involves the exposure of sensitive authentication tokens through debug logging functionality. The issue manifests when the SDK logs HTTP request details, which inadvertently includes access tokens in plaintext format. This was evidenced in trace-level logs showing complete request metadata, including sensitive authentication credentials (Matrix Issue).

Impact

The exposure of access tokens in log files could potentially allow unauthorized access to Matrix accounts. These tokens, if intercepted, could be used to impersonate users and perform actions on their behalf within the Matrix network (Matrix Issue).

Mitigation and workarounds

The issue was tracked and addressed through GitHub issue #1110 in the Matrix Rust SDK repository. Users were advised to review and secure their application logs, and ensure proper log level configuration to prevent token exposure (Matrix Issue).

Additional resources

SourceThis report was generated using AI

Related Rust vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

GHSA-2fjw-whxm-9v4qCRITICAL9.3
  • RustRust
  • nftnl
NoYesNov 25, 2025
CVE-2025-66017HIGH8.2
  • RustRust
  • cggmp21
NoYesNov 25, 2025
GHSA-mj73-j457-8x9qLOW2.7
  • RustRust
  • maxminddb
NoYesDec 02, 2025
GHSA-pq5v-rwp8-p7gmLOW2.7
  • RustRust
  • rtvm-interpreter
NoNoDec 02, 2025
RUSTSEC-2025-0132N/AN/A
  • RustRust
  • maxminddb
NoYesNov 28, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo