git-annex checksum exposure to encrypted special remotes
A bug exposed the checksum of annexed files to encrypted special remotes, which are not supposed to have access to the checksum of the un-encrypted file. This only occurred when resuming uploads to the encrypted special remote, so it is considered a low-severity security hole.
For details, see commit
b890f3a53d936b5e40aa9acc5876cb98f18b9657.
No CVE was assigned for this issue.
Fixed in git-annex-6.20160419.
Info
- Published
- July 25, 2023
- Modified
- July 25, 2023
- CAPECs
- < none >
- CWEs
- 200
- Keywords
- historical
- Aliases
- < none >
- Related
- < none >
- References
- [ADVISORY] https://git-annex.branchable.com/security/checksum_exposure_to_encrypted_special_remotes/
- [FIX] http://source.git-annex.branchable.com/?p=source.git;a=commitdiff;h=b890f3a53d936b5e40aa9acc5876cb98f18b9657
Affected
git-annex
- CVSS
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- Versions
>=0.20110417 && <6.20160419- Declarations
- < none >