[SRCTREEWIN-11917] Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.1.3
Affects Version/s: 0.5a
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical

There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue.

Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability.

For additional details, see the full advisory: https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05

mentioned in: Page Failed to load; Page Failed to load

relates to: SRCTREE-6943 Failed to load

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: logcabin (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 28/May/2019 6:58 PM

Updated:: 13/Jun/2019 11:41 PM

Resolved:: 13/Jun/2019 11:32 PM

Sourcetree for Windows

Details

Description

Attachments

Issue Links

Forms

Activity

[SRCTREEWIN-11917] Remote code execution vulnerability for Sourcetree for Windows - CVE-2019-11582

People

Dates