7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.3%
Severity: High
Date : 2018-07-04
CVE-ID : CVE-2018-10857 CVE-2018-10859
Package : git-annex
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-725
The package git-annex before version 6.20180626-1 is vulnerable to
multiple issues including arbitrary filesystem access and information
disclosure.
Upgrade to 6.20180626-1.
The problems have been fixed upstream in version 6.20180626.
None.
Some uses of git-annex were vulnerable to a private data exposure and
exfiltration attack. It could expose the content of files located
outside the git-annex repository, or content from a private web server
on localhost or the LAN.
A malicious server for a special remote could trick git-annex into
decrypting a file that was encrypted to the user’s gpg key. This attack
could be used to expose encrypted data that was never stored in git-
annex
A remote attacker is able to read arbitrary files on the filesystem or
decrypt encrypted files by modifying the git-annex repository.
https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
https://git.joeyh.name/index.cgi/git-annex.git/commit/?id=b54b2cdc0ef1373fc200c0d28fded3c04fd57212
https://security.archlinux.org/CVE-2018-10857
https://security.archlinux.org/CVE-2018-10859
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.3%