• Type: Bug
• Resolution: Fixed
• Priority: High
• Fix Version/s: 3.1.3
• Affects Version/s: 0.5a
• Component/s: None
• Labels:

  • CVE-2019-11582
  • advisory
  • advisory-released
  • cvss-critical
  • security

[SRCTREEWIN-11917] Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582

Monique Khairuliana (Inactive) made changes - 30/Sep/2019 4:22 AM

Workflow

Original: JAC Bug Workflow v3 [ 3456268 ]

New: SRCTREE JAC Bug Workflow [ 3742842 ]

Monique Khairuliana (Inactive) made changes - 26/Aug/2019 5:20 AM

Workflow

Original: SourceTree Bug Workflow [ 3208555 ]

New: JAC Bug Workflow v3 [ 3456268 ]

David Black made changes - 13/Jun/2019 11:41 PM

Description

Original: There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

New: There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

David Black made changes - 13/Jun/2019 11:41 PM

Description

Original: There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

New: There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

David Black made changes - 13/Jun/2019 11:39 PM

Description

Original: There was an argument injection vulnerability in SourceTree for Windows via the URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

New: There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

David Black made changes - 13/Jun/2019 11:36 PM

Description

Original: There was a remote code execution vulnerability in SourceTree for Windows via the URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, the attacker gained remote code execution on the target system. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

New: There was an argument injection vulnerability in SourceTree for Windows via the URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue. For additional details, see the full advisory: [https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05]

David Black made changes - 13/Jun/2019 11:34 PM

Remote Link

New: This issue links to "SRCTREE-6943 (Software Teams JIRA)" [ 430464 ]

David Black made changes - 13/Jun/2019 11:32 PM

Summary

Original: Remote code execution vulnerability for Sourcetree for Windows -=

New: Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582

David Black made changes - 13/Jun/2019 11:32 PM

Summary

Original: Remote code execution vulnerability for Sourcetree for Windows

New: Remote code execution vulnerability for Sourcetree for Windows -=

David Black made changes - 13/Jun/2019 11:32 PM

Labels

Original: advisory advisory-released cvss-critical security

New: CVE-2019-11582 advisory advisory-released cvss-critical security

Load more older events