← Back

CVE-2018-13396

nvd nist
Published: Nov 5, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.

Affected (6)

Atlassian
1 product
Sourcetree
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Sourcetree
From 1.0 to 3.0.0
Sourcetree
Version 1.0 beta2
Sourcetree
Version 1.0 beta3
Sourcetree
Version 1.0 beta4
Sourcetree
Version 1.0 beta5
Sourcetree
Version 1.0 rc1

References (2)

Source: security@atlassian.com
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.