Uploaded image for project: 'Sourcetree For Mac'
  1. Sourcetree For Mac
  2. SRCTREE-7358

Git submodules vulnerability in Sourcetree for Mac - CVE-2020-5260

    XMLWordPrintable

    Details

    • Symptom Severity:
      Severity 2 - Major

      Description

      There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL.

      Affected versions of Atlassian Sourcetree For Mac allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git.

      Affected versions:

      • version < 4.0.2

      Fixed versions:

      • 4.0.2

      Released Sourcetree for macOS version 4.0.1 that contains fixes for these issues and can be downloaded from https://www.sourcetreeapp.com/.

      For additional details, see the full advisory

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: