Search criteria
8 vulnerabilities found for Sourcetree for macOS by Atlassian
CVE-2018-20234 (GCVE-0-2018-20234)
Vulnerability from cvelistv5 – Published: 2019-03-08 18:00 – Updated: 2024-09-16 23:30
VLAI?
Summary
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Severity ?
No CVSS data available.
CWE
- Argument Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
1.2 , < unspecified
(custom)
Affected: unspecified , < 3.1.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-6391"
},
{
"name": "107414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107414"
},
{
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.2",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Argument Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-21T15:06:05",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-6391"
},
{
"name": "107414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107414"
},
{
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-06T00:00:00",
"ID": "CVE-2018-20234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.2"
},
{
"version_affected": "\u003c",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-6391",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-6391"
},
{
"name": "107414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107414"
},
{
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-20234",
"datePublished": "2019-03-08T18:00:00Z",
"dateReserved": "2018-12-19T00:00:00",
"dateUpdated": "2024-09-16T23:30:34.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13396 (GCVE-0-2018-13396)
Vulnerability from cvelistv5 – Published: 2018-11-05 22:00 – Updated: 2024-09-16 21:03
VLAI?
Summary
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Severity ?
No CVSS data available.
CWE
- Argument Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
1.0b2 , < unspecified
(custom)
Affected: unspecified , < 3.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.0b2",
"versionType": "custom"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Argument Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-05T21:57:02",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-13396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.0b2"
},
{
"version_affected": "\u003c",
"version_value": "3.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-5985",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-5985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-13396",
"datePublished": "2018-11-05T22:00:00Z",
"dateReserved": "2018-07-06T00:00:00",
"dateUpdated": "2024-09-16T21:03:34.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13385 (GCVE-0-2018-13385)
Vulnerability from cvelistv5 – Published: 2018-07-24 13:00 – Updated: 2024-09-16 22:08
VLAI?
Summary
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
- Argument Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
unspecified , < 2.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Argument Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T12:57:01",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5846"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-18T00:00:00",
"ID": "CVE-2018-13385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.7.6"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-5846",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-5846"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-13385",
"datePublished": "2018-07-24T13:00:00Z",
"dateReserved": "2018-07-06T00:00:00",
"dateUpdated": "2024-09-16T22:08:24.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14592 (GCVE-0-2017-14592)
Vulnerability from cvelistv5 – Published: 2018-01-26 02:00 – Updated: 2024-09-16 22:09
VLAI?
Summary
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
Versions starting with 1.0b2 before version 2.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:38.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5243"
},
{
"name": "102926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102926"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "Versions starting with 1.0b2 before version 2.7.0"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-07T10:57:01",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5243"
},
{
"name": "102926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102926"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-01-24T00:00:00",
"ID": "CVE-2017-14592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_value": "Versions starting with 1.0b2 before version 2.7.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-5243",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-5243"
},
{
"name": "102926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102926"
},
{
"name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14592",
"datePublished": "2018-01-26T02:00:00Z",
"dateReserved": "2017-09-19T00:00:00",
"dateUpdated": "2024-09-16T22:09:36.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20234 (GCVE-0-2018-20234)
Vulnerability from nvd – Published: 2019-03-08 18:00 – Updated: 2024-09-16 23:30
VLAI?
Summary
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Severity ?
No CVSS data available.
CWE
- Argument Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
1.2 , < unspecified
(custom)
Affected: unspecified , < 3.1.1 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-6391"
},
{
"name": "107414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107414"
},
{
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.2",
"versionType": "custom"
},
{
"lessThan": "3.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Argument Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-21T15:06:05",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-6391"
},
{
"name": "107414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107414"
},
{
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-03-06T00:00:00",
"ID": "CVE-2018-20234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.2"
},
{
"version_affected": "\u003c",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-6391",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-6391"
},
{
"name": "107414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107414"
},
{
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-20234",
"datePublished": "2019-03-08T18:00:00Z",
"dateReserved": "2018-12-19T00:00:00",
"dateUpdated": "2024-09-16T23:30:34.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13396 (GCVE-0-2018-13396)
Vulnerability from nvd – Published: 2018-11-05 22:00 – Updated: 2024-09-16 21:03
VLAI?
Summary
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
Severity ?
No CVSS data available.
CWE
- Argument Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
1.0b2 , < unspecified
(custom)
Affected: unspecified , < 3.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.0b2",
"versionType": "custom"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Argument Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-05T21:57:02",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-13396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.0b2"
},
{
"version_affected": "\u003c",
"version_value": "3.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-5985",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-5985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-13396",
"datePublished": "2018-11-05T22:00:00Z",
"dateReserved": "2018-07-06T00:00:00",
"dateUpdated": "2024-09-16T21:03:34.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13385 (GCVE-0-2018-13385)
Vulnerability from nvd – Published: 2018-07-24 13:00 – Updated: 2024-09-16 22:08
VLAI?
Summary
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
- Argument Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
unspecified , < 2.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:35.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "2.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Argument Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-24T12:57:01",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5846"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-07-18T00:00:00",
"ID": "CVE-2018-13385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.7.6"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-5846",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-5846"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2018-13385",
"datePublished": "2018-07-24T13:00:00Z",
"dateReserved": "2018-07-06T00:00:00",
"dateUpdated": "2024-09-16T22:08:24.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14592 (GCVE-0-2017-14592)
Vulnerability from nvd – Published: 2018-01-26 02:00 – Updated: 2024-09-16 22:09
VLAI?
Summary
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Sourcetree for macOS |
Affected:
Versions starting with 1.0b2 before version 2.7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:38.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5243"
},
{
"name": "102926",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102926"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sourcetree for macOS",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "Versions starting with 1.0b2 before version 2.7.0"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-07T10:57:01",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.atlassian.com/browse/SRCTREE-5243"
},
{
"name": "102926",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102926"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-01-24T00:00:00",
"ID": "CVE-2017-14592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for macOS",
"version": {
"version_data": [
{
"version_value": "Versions starting with 1.0b2 before version 2.7.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREE-5243",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREE-5243"
},
{
"name": "102926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102926"
},
{
"name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-14592",
"datePublished": "2018-01-26T02:00:00Z",
"dateReserved": "2017-09-19T00:00:00",
"dateUpdated": "2024-09-16T22:09:36.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}