175 matches found
Git LFS: Arbitrary command execution in repositories with Git LFS enabled - CVE-2017-17831
The embedded version of Git LFS (https://git-lfs.github.com) used in Sourcetree for macOS was vulnerable to CVE-2017-17831. An attacker can exploit this issue if they can commit to a Git repository linked in Sourcetree for macOS by adding a .lfsconfig file containing a malicious LFS URL, allowing...
Authentication fails using SSH keys since 2.3.5
Neither the Pageant agent nor OpenSSH is working to authenticate since I upgraded. Switching SSH services makes no difference. If I go to the command line, using ssh -i identfile I have no issues authenticating to any system. Other symptoms include the terminal not going to the repository but using...
The vulnerability in the visual Git client SourceTree exists due to the lack of measures taken to neutralize special elements used in the operating system command. This allows a malicious user to execute arbitrary commands.
The vulnerability of the visual Git client SourceTree exists because measures to neutralize special elements used in the operating system command are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by modifying the URL address...
Authentication fails on UI pull, works in command line.
My password recently changed. I have updated my credentials in the authentication preferences in SourceTree, however UI pulls always fail due to an authentication error, even though my credentials are correct. If I run the exact same command in the terminal, the pull is successful...
SourceTree Remote Code Execution Exploit
SourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected. SourceTree Remote Code Execution Exploit CVE ID:...
Git downloads over HTTP
SourceTree downloads the standalone Git and every other zip over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS...
Password Reset
I changed my password on my Linux system and now I can't push/pull via Atlassian SourceTree 2.0.20.1 gui. I tried resetting via the authentication tab under Tools-Options but the password is not being saved. I can use git via command line via Terminal because I am prompted for a password. I...
Atlassian SourceTree Command Injection Vulnerability
SourceTree is a free-to-use Git client for Windows and Mac from Atlassian Australia that provides a graphical interface to Hg and Git repositories. A command injection vulnerability exists in Atlassian SourceTree. An attacker can exploit the vulnerability to execute arbitrary code in the context ...
Command Injection (CVE-2017-8768)
SourceTree for Mac is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface. Affected versions: Versions of SourceTree for Mac starting with 1.4.0 before version 2.5.1 are affected by this vulnerability. Fix...
Command Injection (CVE-2017-8768)
SourceTree for Windows is affected by a command injection vulnerability in URI handling. The vulnerability can be triggered through a browser or the SourceTree interface. Affected versions: Versions of SourceTree for Windows starting with 0.8.4b before version 2.0.20.1 are affected by this...
Atlassian SourceTree 2.5c Client URL Handler Command Injection Vulnerability
Atlassian SourceTree Client version 2.5c and prior contain a client URL handler command injection vulnerability that allows attackers to execute specially crafted sourcetree:// commands with arbitrary arguments on multiple platforms Author: redrain Date: 2017-03-02 Version:2.5c and prior Platform...
Command injection
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID...
CVE-2017-8768
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID...
CVE-2017-8768
CVE-2017-8768 affects Atlassian SourceTree v2.5c and earlier, with a command-injection flaw in the sourcetree:// URI handling that can trigger arbitrary OS commands when the URI contains substrings like sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext::. Multiple sources (SRCTREE-4738...