Uploaded image for project: 'Sourcetree for Windows'
  1. Sourcetree for Windows
  2. SRCTREEWIN-11917

Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582

    XMLWordPrintable

    Details

    • Symptom Severity:
      Severity 1 - Critical

      Description

      There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue.

      Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability.

      For additional details, see the full advisory: https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              enagy@atlassian.com Elisabeth Nagy
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: