CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10857 Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:git-annex_project:git-annex:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-16 20:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-10857

Mitre link : CVE-2018-10857

CVE.ORG link : CVE-2018-10857


JSON object : View

Products Affected

git-annex_project

  • git-annex

debian

  • debian_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor