Argument Injection Vulnerability in Sourcetree for macOS by Atlassian
CVE-2018-13396

8.8HIGH

Key Information:

Vendor: Atlassian
Status: Sourcetree For Mac OS
Vendor: CVE Published:; 5 November 2018

Summary

An argument injection vulnerability exists in Sourcetree for macOS that could allow an attacker with commit privileges to a linked Mercurial repository to execute arbitrary code on the target system. This can occur through the manipulation of Git subrepositories, which can be exploited by malicious actors to compromise the integrity and security of the user's environment. Proper access controls and validation mechanisms are essential to mitigate the risk associated with this vulnerability.

Affected Version(s)

Sourcetree for macOS 1.0b2

Sourcetree for macOS < 3.0.0

References

https://jira.atlassian.com/browse/SRCTREE-5985

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 5, 2018
Vulnerability Reserved
Jul 6, 2018