Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.3.9
Affects Version/s: 3.2.2
Component/s: Git
Labels:

Symptom Severity:
Severity 2 - Major

Description

There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL.

Affected versions of Atlassian Sourcetree For Mac allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git.

Affected versions of Atlassian Sourcetree for Windows allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git.

Affected versions:

Windows version 3.2.2 and earlier

Fixed versions:

Windows version 3.3.9

Released Sourcetree for Windows version 3.3.9 that contains fixes for these issues and can be downloaded from https://www.sourcetreeapp.com/.

For additional details, see the full advisory

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Due:: 17/Nov/2020

Created:: 18/Aug/2020 4:57 PM

Updated:: 19/Nov/2020 4:39 AM

Resolved:: 25/Aug/2020 1:04 AM