CVE-2014-6274

{"id": "CVE-2014-6274", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-26T21:15:27.647", "references": [{"url": "https://git-annex.branchable.com/upgrades/insecure_embedded_creds/", "tags": ["Product"], "source": "security@debian.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes\nwas set, and the remote used encryption=pubkey or encryption=hybrid,\nthe embedded AWS credentials were stored in the git repository\nin (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919."}, {"lang": "es", "value": "git-annex ten\u00eda un error en los servidores remotos S3 y Glacier: si se configuraba embedcreds=yes y el servidor remoto usaba encrypted=pubkey o encrypted=hybrid, las credenciales de AWS integradas se almacenaban en el repositorio git en texto plano (en la pr\u00e1ctica), no cifradas como deb\u00edan. Este problema afecta a git-annex desde la versi\u00f3n 3.20121126 hasta la versi\u00f3n 5.20140919.\n"}], "lastModified": "2025-08-06T16:36:19.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:git-annex_project:git-annex:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C958D9B2-D59E-4F4D-AC0E-28D603D6AC93", "versionEndExcluding": "5.20140919", "versionStartIncluding": "3.20121126"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}