CVE-2018-10859 (GCVE-0-2018-10859)

Vulnerability from cvelistv5 – Published: 2018-07-16 18:00 – Updated: 2024-08-05 07:46

Summary

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex

Severity ?

5.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200

Assigner

redhat

References

URL

	Vendor	Product	Version
	[UNKNOWN]	git-annex	Affected: n/a

FKIE_CVE-2018-10859

Vulnerability from fkie_nvd - Published: 2018-07-16 18:29 - Updated: 2024-11-21 03:42

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859	Issue Tracking
secalert@redhat.com	https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	git-annex_project	git-annex	-
	debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:git-annex_project:git-annex:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C934B969-17CE-48C6-89AB-099C7A0D0489",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user\u0027s gpg key. This attack could be used to expose encrypted data that was never stored in git-annex"
    },
    {
      "lang": "es",
      "value": "git-annex es vulnerable a una exposici\u00f3n de informaci\u00f3n al descifrar archivos. Un servidor malicioso para un remoto especial podr\u00eda enga\u00f1ar a git-annex para que descifre un archivo cifrado en la clave gpg del usuario. Este ataque podr\u00eda emplearse para exponer datos cifrados que nunca se almacenaron en git-annex."
    }
  ],
  "id": "CVE-2018-10859",
  "lastModified": "2024-11-21T03:42:09.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-16T18:29:00.227",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J24G-Q5JP-XG4V

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-16T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user\u0027s gpg key. This attack could be used to expose encrypted data that was never stored in git-annex",
  "id": "GHSA-j24g-q5jp-xg4v",
  "modified": "2022-05-13T01:34:56Z",
  "published": "2022-05-13T01:34:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10859"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-13686

Vulnerability from cnvd - Published: 2018-07-23

Title

git-annex信息泄露漏洞

Description

git-annex是一套分布式文件同步系统。 git-annex中存在信息泄露漏洞。攻击者可借助恶意的服务器利用该漏洞泄露被加密的数据。

Severity

中

Patch Name

git-annex信息泄露漏洞的补丁

Patch Description

git-annex是一套分布式文件同步系统。 git-annex中存在信息泄露漏洞。攻击者可借助恶意的服务器利用该漏洞泄露被加密的数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859

Impacted products

Name
git-annex git-annex

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10859"
    }
  },
  "description": "git-annex\u662f\u4e00\u5957\u5206\u5e03\u5f0f\u6587\u4ef6\u540c\u6b65\u7cfb\u7edf\u3002\r\ngit-annex\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u670d\u52a1\u5668\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u88ab\u52a0\u5bc6\u7684\u6570\u636e\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13686",
  "openTime": "2018-07-23",
  "patchDescription": "git-annex\u662f\u4e00\u5957\u5206\u5e03\u5f0f\u6587\u4ef6\u540c\u6b65\u7cfb\u7edf\u3002\r\ngit-annex\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u6076\u610f\u7684\u670d\u52a1\u5668\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u88ab\u52a0\u5bc6\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "git-annex\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "git-annex git-annex"
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-18",
  "title": "git-annex\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

cve-2018-10859

Vulnerability from osv_haskell

Published

2025-11-14 14:45

Modified

2025-11-14 14:45

Summary

git-annex GPG decryption attack via compromised remote

Details

git-annex GPG decryption attack via compromised remote

A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's GPG key. This attack could be used to expose encrypted data that was never stored in git-annex. Daniel Dent discovered this attack in collaboration with Joey Hess.

To perform this attack the attacker needs control of a server hosting an encrypted special remote used by the victim's git-annex repository. The attacker uses git annex addurl --relaxed with an innocuous URL, and waits for the user's git-annex to download it, and upload an (encrypted) copy to the special remote they also control. At some later point, when the user downloads the content from the special remote, the attacker instead sends them the content of the GPG-encrypted file that they wish to have decrypted in its place (which may have been exfiltrated from the victim's system via the attack described in HSEC-2023-0010 / CVE-2018-10857, or acquired by other means). Finally, the attacker drops their own copy of the original innocuous URL, and waits for the victim git-annex to send them the accidentially decrypted file.

The issue was fixed by making git-annex refuse to download encrypted content from special remotes, unless it knows the hash of the expected content. When the attacker provides some other GPG-encrypted content, it will fail the hash check and be discarded.

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "human_link": "https://github.com/haskell/security-advisories/tree/main/advisories/published/2023/HSEC-2023-0011.md",
        "osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2023/HSEC-2023-0011.json"
      },
      "package": {
        "ecosystem": "Hackage",
        "name": "git-annex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.20110417"
            },
            {
              "fixed": "6.20180626"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-10859"
  ],
  "database_specific": {
    "home": "https://github.com/haskell/security-advisories",
    "osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
    "repository": "https://github.com/haskell/security-advisories"
  },
  "details": "# *git-annex* GPG decryption attack via compromised remote\n\nA malicious server for a special remote could trick `git-annex` into\ndecrypting a file that was encrypted to the user\u0027s GPG key.  This\nattack could be used to expose encrypted data that was never stored\nin *git-annex*.  Daniel Dent discovered this attack in collaboration\nwith Joey Hess.\n\nTo perform this attack the attacker needs control of a server\nhosting an *encrypted* special remote used by the victim\u0027s\n*git-annex* repository.  The attacker uses `git annex addurl\n--relaxed` with an innocuous URL, and waits for the user\u0027s\n`git-annex` to download it, and upload an (encrypted) copy to the\nspecial remote they also control.  At some later point, when the\nuser downloads the content from the special remote, the attacker\ninstead sends them the content of the GPG-encrypted file that they\nwish to have decrypted in its place (which may have been exfiltrated\nfrom the victim\u0027s system via the attack described in\n**HSEC-2023-0010** / **CVE-2018-10857**, or acquired by other\nmeans).  Finally, the attacker drops their own copy of the original\ninnocuous URL, and waits for the victim `git-annex` to send them the\naccidentially decrypted file.\n\nThe issue was fixed by making `git-annex` refuse to download\nencrypted content from special remotes, unless it knows the hash of\nthe expected content.  When the attacker provides some other\nGPG-encrypted content, it will fail the hash check and be discarded.\n",
  "id": "HSEC-2023-0011",
  "modified": "2025-11-14T14:45:34Z",
  "published": "2025-11-14T14:45:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/"
    }
  ],
  "related": [
    "HSEC-2023-0010",
    "CVE-2018-10857"
  ],
  "schema_version": "1.5.0",
  "summary": "git-annex GPG decryption attack via compromised remote"
}

GSD-2018-10859

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-10859

Aliases

CVE-2018-10859

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10859",
    "description": "git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user\u0027s gpg key. This attack could be used to expose encrypted data that was never stored in git-annex",
    "id": "GSD-2018-10859",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-10859.html",
      "https://security.archlinux.org/CVE-2018-10859"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10859"
      ],
      "details": "git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user\u0027s gpg key. This attack could be used to expose encrypted data that was never stored in git-annex",
      "id": "GSD-2018-10859",
      "modified": "2023-12-13T01:22:41.590864Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2018-10859",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "git-annex",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "[UNKNOWN]"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user\u0027s gpg key. This attack could be used to expose encrypted data that was never stored in git-annex"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-200",
                "lang": "eng",
                "value": "CWE-200"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:git-annex_project:git-annex:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-10859"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user\u0027s gpg key. This attack could be used to expose encrypted data that was never stored in git-annex"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10859"
            },
            {
              "name": "[debian-lts-announce] 20180905 [SECURITY] [DLA 1495-1] git-annex security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00004.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:33Z",
      "publishedDate": "2018-07-16T18:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10859 (GCVE-0-2018-10859)

FKIE_CVE-2018-10859

GHSA-J24G-Q5JP-XG4V

CNVD-2018-13686

cve-2018-10859

Vulnerability from osv_haskell

git-annex GPG decryption attack via compromised remote

GSD-2018-10859

Tags

Sightings

Nomenclature