← Back

CVE-2017-14592

nvd nist
Published: Jan 26, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.

Affected (6)

Atlassian
1 product
Sourcetree
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Sourcetree
From 1.0 to 2.7
Sourcetree
Version 1.0 beta2
Sourcetree
Version 1.0 beta3
Sourcetree
Version 1.0 beta4
Sourcetree
Version 1.0 beta5
Sourcetree
Version 1.0 rc1

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

Source: security@atlassian.com
Third Party AdvisoryVDB Entry
Source: security@atlassian.com
Third Party Advisory
Source: security@atlassian.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.