Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 3.1.3
Affects Version/s: 0.5a
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical

Description

There was an argument injection vulnerability in SourceTree for Windows in URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, an attacker could gained remote code execution on the target system by exploiting this issue.

Versions of Sourcetree for Windows starting with 0.5a before 3.1.3 are affected by this vulnerability.

For additional details, see the full advisory: https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2019-06-05

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

relates to: SRCTREE-6943 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: logcabin (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/May/2019 6:58 PM

Updated:: 13/Jun/2019 11:41 PM

Resolved:: 13/Jun/2019 11:32 PM