CVE-2014-6274

Published: Jun 26, 2025

Modified: Jun 27, 2025

PUBLISHED

Description

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.

Vendor	Product	Versions
git-annex	git-annex	affected `3.20121126 - < 5.20140919`

References

https://git-annex.branchable.com/upgrades/insecure_embedded_creds/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-6274

Description

Affected Products

References