• Type: Bug
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 3.3.9
• Affects Version/s: 3.2.2
• Component/s: Git
• Labels:

  • advisory
  • advisory-released
  • cvss-critical
  • information-disclosure
  • resolved-in-vf
  • security
  • security-imported

[SRCTREEWIN-13182] Git submodules vulnerability in Sourcetree for Windows - CVE-2020-5260

David Black made changes - 19/Nov/2020 4:39 AM

Labels

Original: advisory advisory-to-release cvss-critical information-disclosure resolved-in-vf security security-imported

New: advisory advisory-released cvss-critical information-disclosure resolved-in-vf security security-imported

Security Metrics Bot made changes - 28/Oct/2020 5:45 PM

Labels

Original: advisory advisory-to-release cvss-critical information-disclosure security security-imported

New: advisory advisory-to-release cvss-critical information-disclosure resolved-in-vf security security-imported

Krishna Balasani (Inactive) made changes - 02/Sep/2020 5:43 PM

Security

Original: Atlassian Staff [ 10750 ]

David Black made changes - 01/Sep/2020 11:29 PM

Description

Original: There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassian Sourcetree For Mac allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git. Affected versions of Atlassian Sourcetree for Windows allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git. *Affected versions:*  * Windows version 3.2.2 and earlier *Fixed versions:*  * Windows version 3.3.9 *Released Sourcetree for Windows version 3.3.9* that contains fixes for these issues and can be downloaded from [https://www.sourcetreeapp.com/]. For additional details, see the [full advisory|https://confluence.atlassian.com/pages/viewpage.action?spaceKey=SOURCETREEKB&title=SourceTree+Security+Advisory+2020-08-26&permissionViolation=true]

New: There was a vulnerability in Sourcetree for macOS and windows that could reveal Git user credentials via maliciously crafted URL by an attacker, This vulnerability is triggered when the affected version of Git is used to execute a git clone command on a malicious URL. Affected versions of Atlassian Sourcetree For Mac allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git. Affected versions of Atlassian Sourcetree for Windows allow remote attackers to view sensitive information via an Information Disclosure vulnerability in Git. *Affected versions:*  * Windows version 3.2.2 and earlier *Fixed versions:*  * Windows version 3.3.9 *Released Sourcetree for Windows version 3.3.9* that contains fixes for these issues and can be downloaded from [https://www.sourcetreeapp.com/]. For additional details, see the [full advisory|https://confluence.atlassian.com/pages/viewpage.action?spaceKey=SOURCETREEKB&title=SourceTree+Security+Advisory+2020-09-02]

Krishna Balasani (Inactive) made changes - 26/Aug/2020 7:54 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 501191 ]

Krishna Balasani (Inactive) made changes - 26/Aug/2020 7:42 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 501190 ]

David Black made changes - 25/Aug/2020 1:04 AM

Resolution		New: Fixed [ 1 ]
Status	Original: Needs Triage [ 10030 ]	New: Closed [ 6 ]

Krishna Balasani (Inactive) made changes - 18/Aug/2020 5:57 PM

Summary

Original: Information disclosure in Git - CVE-PENDING

New: Git submodules vulnerability in Sourcetree for Windows - CVE-2020-5260

Security Metrics Bot made changes - 18/Aug/2020 5:15 PM

Labels

Original: advisory advisory-to-release cvss-critical information-disclosure security

New: advisory advisory-to-release cvss-critical information-disclosure security security-imported

Security Metrics Bot made changes - 18/Aug/2020 5:11 PM

Due Date

New: 17/Nov/2020

Load more older events