CVE-2018-13397

Published: Nov 5, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.

Affected (1)

Products: Atlassian: Sourcetree

Atlassian

1 product

Sourcetree

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atlassian Sourcetree	From 0.5.1.0 to 3.0.0

References (2)

https://jira.atlassian.com/browse/SRCTREEWIN-9077

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/SRCTREEWIN-9077

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.