Missing Encryption of Sensitive Data

CVE-2014-6274

High

7.5/10

Summary

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

References

Advisory Timeline

Published Jun 26, 2025

Missing Encryption of Sensitive Data

CVE-2014-6274

Summary

CWE-311 - Missing Encryption of Sensitive Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS