Data exfiltration attack in git-annex - CVE-2018-10857
Published: June 28, 2018 / Updated: July 2, 2018
Vulnerability identifier: #VU13536
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10857
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Joey Hess
Affected software:
git-annex
git-annex
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to private data exfiltration attack. A remote attacker can run git-annex addurl --relaxed file:///etc/passwd and commit this to the repository in some out of the way place. After the victim's git repository receives that change, git-annex follows the attacker-provided url to private data, which it stores in the git-annex repository. From there it transfers the content to the git-annex repository that the attacker has access to.
How to mitigate CVE-2018-10857
Update to version 6.20180626.