GO-2026-5009 Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ProxyCommand process. An attacker can execute arbitrary commands on the system by injecting malicious input into the SSH ProxyCommand configuration. Remediation Upgrade github.com/kopia/kopia/cli to...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ProxyCommand process. An attacker can execute arbitrary commands on the system by injecting malicious input into the SSH ProxyCommand configuration. Remediation Upgrade...

PT-2026-42385

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

GHSA-2Q4C-3MRW-63C3 Kopia: RCE via SSH ProxyCommand Injection

Summary Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by...

Kopia: RCE via SSH ProxyCommand Injection

Summary Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by...

How to Update Location Profile Endpoint Details and Preserve Access to an Existing Kopia Storage Repository

Purpose This article documents the correct procedure to update the Endpoint details in the Location Profile for an existing Kopia storage repository in S3-compatible stores and ensure the existing associated repositories remain accessible. Customers may wish to update the Endpoint details e.g.,...

GO-2024-2703 Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in github.com/kopia/kopia

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in github.com/kopia/kopia...

Sensitive Data Exposure

github.com/kopia/kopiais vulnerable to Sensitive Data Exposure. This vulnerability is due to the "repository status" CLI command with JSON output containing sensitive storage connection credentials which are inadvertently exposed to the console...

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see 3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has be...

GHSA-J5VM-7QCC-2WWG Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact What kind of vulnerability is it? Who is impacted? Storage credentials are written to the console. Patches Has the problem been patched? Yes, see 3589 What versions should users upgrade to? - Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77 - No release has be...