hsec-2023-0010
Vulnerability from osv_haskell
git-annex private data exfiltration to compromised remote
Some uses of git-annex were vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. Joey Hess discovered this attack.
To perform this attack, the attacker needs to have control over one of the remotes of the victim's git-annex repository. For example, they may provide a public git-annex repository that the victim clones. Or, equivalently, the attacker could have read access to the victim's git-annex repository or a repository it pushes to, and some channel to get commits into it (e.g. pull requests).
These exploits are most likely to succeed when the victim is running the git-annex assistant, or is periodically running git annex sync --content.
To perform the attack, the attacker runs git-annex addurl --relaxed file:///etc/passwd and commits this to the repository in some out-of-the-way place. After the victim's git repository receives that change, git-annex follows the attacker-provided URL to the private data, which it stores in the git-annex repository. From there it transfers the content to the remote git-annex repository that the attacker has access to.
As well as file:/// URLs, the attacker can use URLs to private web servers. The URL can also be one that the attacker controls, which redirects to a URL that is accessible to the victim system (and not necessarily to the compromised remote).
Fix
The issue was fixed by making git-annex refuse to follow file:/// URLs and URLs pointing to private/local IP addresses by default. Two new configuration settings, annex.security.allowed-url-schemes and annex.security.allowed-ip-addresses, can relax this security policy, and are intended for cases where the git-annex repository is kept private and so the attack does not apply.
Impact on external special remotes
One variant of this issue can exploit a vulnerable external special remote, and could not be prevented by git-annex. (git-annex's own built-in special remotes are not vulnerable to this attack.)
In this attack variant, the attacker guesses the hash of a file stored on the victim's private web server, and adds it to the git-annex repository. The attacker also has control of the server hosting an encrypted special remote used by the victim's git-annex repository. They cause that server to redirect to the victim's web server. This allows the attacker to verify whether the victim's web server contains a file whose content the attacker already knows, assuming they can guess the URL to it.
Developers of external special remotes are encouraged to prevent this attack by not following such HTTP redirects.
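As an added illustration of the two defensive measures described above (this is example code, not git-annex's own implementation): a URL policy check modelled on the fixed defaults, with an explicit allowlist standing in for annex.security.allowed-ip-addresses, and a urllib redirect handler that refuses 3xx responses as the external-special-remote guidance suggests. The host names and addresses in FAKE_DNS are constructed so the example runs offline.

```python
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urlparse
# Added illustration of the fixed default policy (not git-annex's own code):
# only http/https, and no private/loopback/link-local destinations.
DEFAULT_ALLOWED_SCHEMES = frozenset({"http", "https"})

def is_private_address(ip_text):
    """True for loopback, RFC 1918/4193, link-local, multicast, reserved."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 scope id
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def url_is_allowed(url, allowed_schemes=DEFAULT_ALLOWED_SCHEMES,
                   allowed_ips=frozenset(), resolve=socket.getaddrinfo):
    """Return (ok, reason); allowed_ips is an explicit allowlist, in the
    spirit of annex.security.allowed-ip-addresses."""
    parts = urlparse(url)
    if parts.scheme.lower() not in allowed_schemes:
        return False, f"scheme {parts.scheme!r} is not allowed"
    if not parts.hostname:
        return False, "URL has no host"
    try:
        infos = resolve(parts.hostname, parts.port or 0)
    except socket.gaierror:
        return False, f"cannot resolve {parts.hostname!r}"
    # Every resolved address must pass: one private record is enough to refuse.
    for info in infos:
        ip_text = info[4][0]
        if ip_text not in allowed_ips and is_private_address(ip_text):
            return False, f"{parts.hostname!r} resolves to private {ip_text}"
    return True, "ok"

class RefuseRedirects(urllib.request.HTTPRedirectHandler):
    """Special-remote client helper: fail on any 3xx instead of following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise urllib.error.HTTPError(req.full_url, code,
                                     f"refusing redirect to {newurl}", headers, fp)

# Constructed name table so the example runs offline (hypothetical hosts).
FAKE_DNS = {"intranet.example": "10.0.0.5", "public.example": "93.184.216.34",
            "localhost": "127.0.0.1"}

def fake_resolve(host, port):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (FAKE_DNS[host], port))]
```

Install the handler with urllib.request.build_opener(RefuseRedirects()) so every redirect surfaces as an HTTPError rather than a silent second request.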
{
"affected": [
{
"database_specific": {
"human_link": "https://github.com/haskell/security-advisories/tree/main/advisories/published/2023/HSEC-2023-0010.md",
"osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2023/HSEC-2023-0010.json"
},
"package": {
"ecosystem": "Hackage",
"name": "git-annex"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.20180626"
}
],
"type": "ECOSYSTEM"
}
],
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2018-10857"
],
"database_specific": {
"home": "https://github.com/haskell/security-advisories",
"osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
"repository": "https://github.com/haskell/security-advisories"
},
"details": "# *git-annex* private data exfiltration to compromised remote\n\nSome uses of git-annex were vulnerable to a private data exposure\nand exfiltration attack. It could expose the content of files\nlocated outside the *git-annex* repository, or content from a\nprivate web server on localhost or the LAN. Joey Hess discovered\nthis attack.\n\nTo perform this attack, the attacker needs to have control over one\nof the remotes of the victim\u0027s *git-annex* repository. For example,\nthey may provide a public *git-annex* repository that the victim\nclones. Or, equivalantly, the attacker could have read access to the\nvictim\u0027s *git-annex* repository or a repository it pushes to, and\nsome channel to get commits into it (e.g. pull requests).\n\nThese exploits are most likely to succeed when the victim is running\nthe `git-annex` assistant, or is periodically running `git annex\nsync --content`.\n\nTo perform the attack the attacker runs `git-annex addurl --relaxed\nfile:///etc/passwd` and commits this to the repository in some out\nof the way place. After the victim\u0027s git repository receives that\nchange, `git-annex` follows the attacker-provided URL to the private\ndata, which it stores in the *git-annex* repository. From there it\ntransfers the content to the remote *git-annex* repository that the\nattacker has access to.\n\nAs well as `file:///` URLs, the attacker can use URLs to private web\nservers. The URL can also be one that the attacker controls, that\nredirects to a URL that is accessible to the victim system (and not\nnecessarily the compromised remote).\n\n## Fix\n\nThe issue was fixed by making `git-annex` refuse to follow\n`file:///` urls and URLs pointing to private/local IP addresses by\ndefault. Two new configuration settings,\n`annex.security.allowed-url-schemes` and\n`annex.security.allowed-ip-addresses`, can relax this security\npolicy, and are intended for cases where the *git-annex* repository\nis kept private and so the attack does not apply.\n\n## Impact on external special remotes\n\nOne variant of this issue can exploit a vulnerable external special\nremote, and could not be prevented by `git-annex`. (`git-annex`\u0027s\nown built-in special remotes are not vulnerable to this attack.)\n\nIn this attack variant, the attacker guesses the hash of a file\nstored on the victim\u0027s private web server, and adds it to the\n`git-annex` repository. The attacker also has control of the server\nhosting an encrypted special remote used by the victim\u0027s *git-annex*\nrepository. They cause that server to redirect to the victim\u0027s web\nserver. This allows the attacker to verify if the victim\u0027s web\nserver contains a file that the attacker already knows the content\nof, assuming they can guess the URL to it.\n\nDevelopers of external special remotes are encouraged to prevent\nthis attack by not following such HTTP redirects.\n",
"id": "HSEC-2023-0010",
"modified": "2025-11-14T14:45:34Z",
"published": "2025-11-14T14:45:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/"
}
],
"schema_version": "1.5.0",
"summary": "git-annex private data exfiltration to compromised remote"
}