• Type: Bug
• Resolution: Fixed
• Priority: Highest
• Fix Version/s: 2.6.1
• Affects Version/s: None
• Component/s: None
• Labels:

  • CVE-2017-1000115
  • CVE-2017-1000116
  • CVE-2017-1000117
  • advisory
  • advisory-released
  • cvss-critical
  • rce
  • security

[SRCTREE-4904] Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

Monique Khairuliana (Inactive) made changes - 30/Sep/2019 4:13 AM

Workflow

Original: JAC Bug Workflow v3 [ 3368568 ]

New: SRCTREE JAC Bug Workflow [ 3736551 ]

Monique Khairuliana (Inactive) made changes - 16/Aug/2019 12:59 AM

Workflow	Original: SourceTree Bug Workflow [ 2415192 ]	New: JAC Bug Workflow v3 [ 3368568 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

David Black made changes - 31/Aug/2017 4:44 AM

Labels

Original: CVE-2017-1000115 CVE-2017-1000116 CVE-2017-1000117 advisory cvss-critical rce security

New: CVE-2017-1000115 CVE-2017-1000116 CVE-2017-1000117 advisory advisory-released cvss-critical rce security

Matt Hart (Inactive) made changes - 11/Aug/2017 5:01 PM

Security

Original: Reporter and Atlassian Staff [ 10751 ]

David Black made changes - 11/Aug/2017 12:12 AM

Description

Original: SourceTree for macOS and Windows are affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 1.4.0 of SourceTree for macOS and 0.8.4b of SourceTree for Windows, this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

New: SourceTree for macOS is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 1.4.0 of SourceTree for macOS this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

David Black made changes - 11/Aug/2017 12:11 AM

Description

Original: SourceTree for macOS is affected by a remote code execution vulnerability via Distributed Version Control Systems. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

New: SourceTree for macOS and Windows are affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 1.4.0 of SourceTree for macOS and 0.8.4b of SourceTree for Windows, this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

David Black made changes - 10/Aug/2017 11:59 PM

Fix Version/s

New: 2.6.1 [ 73042 ]

David Black made changes - 10/Aug/2017 11:56 PM

Labels

Original: advisory cvss-critical rce security

New: CVE-2017-1000115 CVE-2017-1000116 CVE-2017-1000117 advisory cvss-critical rce security

David Black made changes - 10/Aug/2017 11:56 PM

Summary

Original: DVCS Remote Code Execution (CVE-2017-XXXX)

New: Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

Matt Hart (Inactive) made changes - 03/Aug/2017 3:14 AM

Description

Original: SourceTree for Mac is affected by a remote code execution vulnerability via Distributed Version Control Systems. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Mac starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Mac to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

New: SourceTree for macOS is affected by a remote code execution vulnerability via Distributed Version Control Systems. The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

Load more older events