Git-annex Security Vulnerabilities and Issues — Git-annex CVE List

Lucene search

Git-annex ProjectGit-annex

3 matches found

CVE•added 2018/07/16 8:29 p.m.•68 views

CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.

7.5CVSS7.3AI score0.00384EPSS

CVE•added 2018/07/16 6:29 p.m.•54 views

CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex

7.5CVSS7.2AI score0.00384EPSS

CVE•added 2025/06/26 9:15 p.m.•28 views

CVE-2014-6274

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yeswas set, and the remote used encryption=pubkey or encryption=hybrid,the embedded AWS credentials were stored in the git repositoryin (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-an...

7.5CVSS6.4AI score0.00021EPSS