Argument Injection Vulnerability in Sourcetree for Windows by Atlassian
CVE-2018-13386

8.1HIGH

Key Information:

Vendor

Atlassian
Status
Sourcetree For Windows
Vendor
CVE Published:
24 July 2018

What is CVE-2018-13386?

An argument injection vulnerability exists in Sourcetree for Windows due to mishandling of filenames in Mercurial repositories. If an attacker has permissions to commit to a Mercurial repository linked in the application, they can exploit this weakness to execute arbitrary code on the victim's system. Users of versions prior to 2.6.9 are particularly at risk and should consider upgrading to ensure their systems remain secure.

Affected Version(s)

Sourcetree for Windows < 2.6.9

References

https://jira.atlassian.com/browse/SRCTREEWIN-8884
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.