Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianEjensbyATLASSIAN:SRCTREEWIN-11289
HistoryJan 23, 2019 - 7:19 p.m.

Argument Injection via Mercurial hooks in Sourcetree for Windows - CVE-2018-20235

2019-01-2319:19:55
ejensby
jira.atlassian.com
9

0.008 Low

EPSS

Percentile

81.2%

JSON

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
h4. Affected versions:

  • Versions of Sourcetree for Windows before version 3.0.15 are affected by this vulnerability

h4. Fix:

For additional details, see the full advisory:Β https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html

Related

cve 1
prion 1
nvd 1
cvelist 1
atlassian 1
nessus 2
cve
cve
CVE-2018-20235
2019-03-08 18:29:00
prion
prion
Design/Logic Flaw
2019-03-08 18:29:00
nvd
nvd
CVE-2018-20235
2019-03-08 18:29:00
cvelist
cvelist
CVE-2018-20235
2019-03-06 00:00:00
atlassian
atlassian
Argument Injection via Mercurial hooks in Sourcetree for Windows - CVE-2018-20235
2019-01-23 19:19:55
nessus
nessus
Atlassian SourceTree 0.5a < 3.0.17 Multiple remote code execution vulnerabilities
2019-03-14 00:00:00
Atlassian SourceTree 1.2 < 3.1.1 Multiple remote code execution vulnerabilities
2019-04-30 00:00:00

0.008 Low

EPSS

Percentile

81.2%

JSON
Related for ATLASSIAN:SRCTREEWIN-11289
cve1prion1nvd1cvelist1atlassian1nessus2