Potential 7z.exe vulnerability CVE-2022-29072


    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 3.6.16
    • Affects Version/s: 3.4.8, 3.4.9
    • Component/s: General
    • None
    • Severity 2 - Major

      7z vulnerability CVE-2022-29072

      I don't know if Atlassian is aware of this issue or not, but doing a vulnerability scan with my AV software, it detected 7z.exe under

      C:\Users\Name\AppData\Local\SourceTree\app-3.4.9\tools

      as a potential point of attack. It cited the 7-Zip vulnerability CVE-2022-29072 as the problem. Now, I don't know if Sourcetree comes packaged with 7-Zip or not, but I thought it was worthwhile raising the issue, not finding anything about it affecting Sourcetree elsewhere.

      Kaspersky Threats — KLA12514

      GitHub - kagancapar/CVE-2022-29072: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

      ⚠️ New 7-Zip Software Exploit Found! - Here's The Fix - YouTube

      Info on the exploit

            Assignee:
            Mukesh Kumar (Inactive)
            Reporter:
            Jonty
            Votes:
            0
            Watchers:
            3

              Created:
              Updated:
              Resolved: