HSEC-2023-0012

See a problem?

Import Source

https://github.com/haskell/security-advisories/blob/generated/osv-export/2023/HSEC-2023-0012.json

JSON Data

https://api.osv.dev/v1/vulns/HSEC-2023-0012

Published

2023-07-25T13:25:42Z

Modified

2025-07-27T20:43:18.728325Z

Summary

git-annex checksum exposure to encrypted special remotes

Details

git-annex checksum exposure to encrypted special remotes

A bug exposed the checksum of annexed files to encrypted special remotes, which are not supposed to have access to the checksum of the un-encrypted file. This only occurred when resuming uploads to the encrypted special remote, so it is considered a low-severity security hole.

For details, see commit b890f3a53d936b5e40aa9acc5876cb98f18b9657.

No CVE was assigned for this issue.

Fixed in git-annex-6.20160419.

Database specific

{
    "home": "https://haskell.github.io/security-advisories",
    "osvs": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export",
    "repository": "https://github.com/haskell/security-advisories"
}

References

Affected packages

Hackage / git-annex

Package

Name: git-annex
Purl: pkg:hackage/git-annex

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.20110417

Fixed

6.20160419

Affected versions

3.*

3.20110702

3.20110702.2

3.20110705

3.20110707

3.20110819

3.20110902

3.20110906

3.20110915

3.20110928

3.20111011

3.20111122

3.20111203

3.20111211

3.20111231

3.20120113

3.20120115

3.20120116

3.20120123

3.20120227

3.20120229

3.20120230

3.20120309

3.20120315

3.20120405

3.20120406

3.20120418

3.20120430

3.20120511

3.20120522

3.20120605

3.20120611

3.20120614

3.20120615

3.20120624

3.20120629

3.20120721

3.20120807

3.20120825

3.20120924

3.20121001

3.20121009

3.20121010

3.20121016

3.20121017

3.20121112

3.20121126

3.20121127

3.20121127.1

3.20121211

3.20130102

3.20130105

3.20130107

3.20130114

3.20130124

3.20130207

3.20130216.1

4.*

4.20130227

4.20130314

4.20130323

4.20130405

4.20130417

4.20130501

4.20130501.1

4.20130516

4.20130521

4.20130521.1

4.20130521.2

4.20130601

4.20130627

4.20130709

4.20130723

4.20130802

4.20130815

4.20130827

4.20130909

4.20130920

4.20130927

4.20131002

4.20131024

4.20131101

4.20131106

5.*

5.20131118

5.20131120

5.20131127

5.20131130

5.20131213

5.20131221

5.20131230

5.20140107

5.20140108

5.20140116

5.20140127

5.20140129

5.20140210

5.20140221

5.20140227

5.20140306

5.20140320

5.20140402

5.20140405

5.20140412

5.20140421

5.20140517

5.20140529

5.20140606

5.20140613

5.20140707

5.20140709

5.20140717

5.20140817

5.20140831

5.20140915

5.20140919

5.20140926

5.20140927

5.20141013

5.20141024

5.20141125

5.20141203

5.20141219

5.20141231

5.20150113

5.20150205

5.20150219

5.20150317

5.20150327

5.20150406

5.20150406.1

5.20150409

5.20150420

5.20150508

5.20150508.1

5.20150522

5.20150528

5.20150617

5.20150710

5.20150727

5.20150731

5.20150812

5.20150824

5.20150916

5.20150930

5.20151019

5.20151102

5.20151102.1

5.20151116

5.20151208

5.20151218

6.*

6.20160114

6.20160126

6.20160211

6.20160229

6.20160318

6.20160412

6.20160418

Database specific

{
    "osv": "https://raw.githubusercontent.com/haskell/security-advisories/refs/heads/generated/osv-export/2023/HSEC-2023-0012.json",
    "human_link": "https://haskell.github.io/security-advisories/advisory/HSEC-2023-0012.html"
}