CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2018/04/25 9:29 p.m.•1 views

CVE-2018-5226

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...

8.8CVSS6.1AI score0.00528EPSS

Prion•added 2018/04/25 9:29 p.m.•16 views

Design/Logic Flaw

6.5CVSS8.9AI score0.00528EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/04/25 9:0 p.m.•13 views

CVE-2018-5226

9AI score0.00528EPSS

CVE•added 2018/04/25 9:0 p.m.•122 views

CVE-2018-5226

The CVE-2018-5226 issue affects Sourcetree for Windows (all versions prior to 2.5.5.0). The vulnerability is an argument injection flaw in the Mercurial repository tag name, which an attacker who can create a tag on a linked Mercurial repo can exploit to gain code execution on the host. Root caus...

8.8CVSS8.9AI score0.00528EPSS

Exploits0References1Affected Software1

Atlassian•added 2018/03/15 10:43 p.m.•502 views

Incorrect user showing up in configuration for GPG key signing

When configuring SourceTree to use GPG key signing for commits, an incorrect user is used for a given key. The user shows up as "0", rather than the user that was used to create the key. !gpgconfig.png|width=488,height=316! For more details see the post in the community forum here:...

6.8AI score

Exploits0Affected Software1

Tenable Nessus•added 2018/02/16 12:0 a.m.•11 views

SourceTree by Atlassian Detection

Binary data atlassiansourcetreedetect.nbin...

7.3AI score

Tenable Nessus•added 2018/02/16 12:0 a.m.•43 views

Atlassian SourceTree 0.5.1.0 < 2.4.7.0 Multiple Vulnerabilities

The version of Atlassian SourceTree installed on the remote Windows host is a version 0.5.1.0 prior to 2.4.7.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. C...

10CVSS7.3AI score0.17249EPSS

Exploits1References4

CNVD•added 2018/01/30 12:0 a.m.•1 views

Atlassian Sourcetree for Windows Command Injection Vulnerability

Atlassian Sourcetree for Windows is a free Windows-based Git and Mercurial client tool from the Australian company Atlassian that manages repositories using a visual interface. A security vulnerability exists in Atlassian Sourcetree for Windows versions 0.5.1.0 through 2.4.7.0 excluding version...

9CVSS7AI score0.02133EPSS

CNVD•added 2018/01/30 12:0 a.m.•1 views

Atlassian Sourcetree for macOS Command Injection Vulnerability

Atlassian Sourcetree for macOS is a free Windows-based Git and Mercurial client tool from Atlassian Australia that manages repositories using a visual interface. A security vulnerability exists in Atlassian Sourcetree versions 1.0b2 through 2.7.0 excluding version 2.7.0 for macOS-based platforms...

9CVSS7AI score0.02133EPSS

NVD•added 2018/01/26 2:29 a.m.•10 views

CVE-2017-14593

Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of...

9CVSS9.3AI score0.02133EPSS

OSV•added 2018/01/26 2:29 a.m.•1 views

CVE-2017-14592

Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree...

8.8CVSS6.1AI score

NVD•added 2018/01/26 2:29 a.m.•16 views

CVE-2017-14592

9CVSS9.2AI score0.02133EPSS

OSV•added 2018/01/26 2:29 a.m.•1 views

CVE-2017-14593

8.8CVSS6.1AI score0.02133EPSS

Prion•added 2018/01/26 2:29 a.m.•17 views

Command injection

9CVSS9.4AI score0.02133EPSS

Prion•added 2018/01/26 2:29 a.m.•13 views

Command injection

9CVSS9.6AI score0.02133EPSS

CVE•added 2018/01/26 2:0 a.m.•77 views

CVE-2017-14593

Sourcetree for Windows is affected by CVE-2017-14593: multiple argument and command injection flaws in Mercurial and Git handling that can lead to arbitrary code execution. Vulnerable in versions starting at 0.5.1.0 up to (but not including) 2.4.7.0; from version 0.8.4b the issue can be triggered...

9CVSS9.8AI score0.02133EPSS

CVE•added 2018/01/26 2:0 a.m.•50 views

CVE-2017-14592

Sourcetree for macOS is affected by CVE-2017-14592: argument and command injection in Mercurial and Git repo handling, exploitable by a commit permission holder. From version 1.4.0 the issue can be triggered from a webpage via the Sourcetree URI handler. Affected releases are 1.0b2 through before...

9CVSS9.7AI score0.02133EPSS

Cvelist•added 2018/01/26 2:0 a.m.•14 views

CVE-2017-14593

9.9AI score0.02133EPSS

Cvelist•added 2018/01/26 2:0 a.m.•14 views

CVE-2017-14592

9.6AI score0.02133EPSS