
Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

    • Severity 1 - Critical

      There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.

      Affected versions:

      • Versions of Sourcetree for Windows before version 3.0.17 are affected by this vulnerability

      Fix:

      • Upgrade Sourcetree for Windows to version 3.0.17 or higher from https://www.sourcetreeapp.com/

      For additional details, see the full advisory: https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html

            [SRCTREEWIN-11292] Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456

            Eric Franklin (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 847716 ]
            Eric Franklin (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 845995 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: JAC Bug Workflow v3 [ 3455001 ] New: SRCTREE JAC Bug Workflow [ 3741914 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: SourceTree Bug Workflow [ 3089805 ] New: JAC Bug Workflow v3 [ 3455001 ]
            David Black made changes -
            Labels Original: CVE-2018-17456 advisory advisory-to-release bugbounty cvss-critical input-validation security New: CVE-2018-17456 advisory advisory-released bugbounty cvss-critical input-validation security
            Erin Jensby made changes -
            Security Original: Atlassian Staff [ 10750 ]
            Erin Jensby made changes -
            Description Original: There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
            h4. Affected versions:
             * Versions of Sourcetree for Windows before version 3.0.17 are affected by this vulnerability

            h4. Fix:
             * Upgrade Sourcetree for Windows to version 3.0.17 or higher from [https://www.sourcetreeapp.com/]

            For additional details, see the full advisory <insert CAC page>.

             
            New: There was an input validation vulnerability in Sourcetree for Windows via a Git repository with submodules. A remote attacker with permission to commit to a Git repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
            h4. Affected versions:
             * Versions of Sourcetree for Windows before version 3.0.17 are affected by this vulnerability

            h4. Fix:
             * Upgrade Sourcetree for Windows to version 3.0.17 or higher from [https://www.sourcetreeapp.com/]

            For additional details, see the full advisory: https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
            Erin Jensby made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Reopened [ 4 ] New: Closed [ 6 ]
            Erin Jensby made changes -
            Resolution Original: Fixed [ 1 ]
            Status Original: Closed [ 6 ] New: Reopened [ 4 ]
            AB made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 410346 ]

              Unassigned Unassigned
              ejensby Erin Jensby