[SRCTREEWIN-7579] Git downloads over HTTP

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.3.2.0
Affects Version/s: 2.1.2.5
Component/s: General
Labels:
Environment:

Windows 8.1/10 x64

Symptom Severity:
Severity 2 - Major

SourceTree downloads the standalone Git and every other zips over HTTP from the Atlassian servers. This is not secure and should be switched to HTTPS.

Ashley Blackmore added a comment - 10/Jul/2017 12:24 PM

CVSS v3 score: 3.5 => Low severity

Exploitability Metrics

Attack Vector	Adjacent
Attack Complexity	Low
Privileges Required	None
User Interaction	Required

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	Low
Integrity	None
Availability	None

See http://go.atlassian.com/cvss for more details.

Ashley Blackmore added a comment - 10/Jul/2017 12:24 PM CVSS v3 score: 3.5 => Low severity Exploitability Metrics Attack Vector Adjacent Attack Complexity Low Privileges Required None User Interaction Required Scope Metric Scope Unchanged Impact Metrics Confidentiality Low Integrity None Availability None See http://go.atlassian.com/cvss for more details.

Assignee:: minnsey

Reporter:: Stanzilla

Affected customers:: 1 This affects my team

Watchers:: 2 Start watching this issue

Created:: 09/Jul/2017 2:59 AM

Updated:: 26/Aug/2019 5:05 AM

Resolved:: 25/Sep/2017 3:34 PM

Sourcetree for Windows

Details

Description

Attachments

Forms

Activity

Collapse comment: Ashley Blackmore added a comment - 10/Jul/2017 12:24 PM

Expand comment: Ashley Blackmore added a comment - 10/Jul/2017 12:24 PM

People

Dates