• Type: Bug
• Resolution: Fixed
• Priority: Highest
• Fix Version/s: 2.1.10.0
• Affects Version/s: None
• Component/s: None
• Labels:

  • CVE-2017-1000115
  • CVE-2017-1000116
  • CVE-2017-1000117
  • advisory
  • advisory-released
  • cvss-critical
  • rce
  • security

[SRCTREEWIN-7663] Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

Monique Khairuliana (Inactive) made changes - 30/Sep/2019 4:23 AM

Workflow

Original: JAC Bug Workflow v3 [ 3452655 ]

New: SRCTREE JAC Bug Workflow [ 3744984 ]

Monique Khairuliana (Inactive) made changes - 26/Aug/2019 5:13 AM

Workflow	Original: SourceTree Bug Workflow [ 2415193 ]	New: JAC Bug Workflow v3 [ 3452655 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

David Black made changes - 31/Aug/2017 4:44 AM

Labels

Original: CVE-2017-1000115 CVE-2017-1000116 CVE-2017-1000117 advisory cvss-critical rce security

New: CVE-2017-1000115 CVE-2017-1000116 CVE-2017-1000117 advisory advisory-released cvss-critical rce security

Matt Hart (Inactive) made changes - 11/Aug/2017 5:01 PM

Fix Version/s

New: 2.1.10.0 [ 73713 ]

Matt Hart (Inactive) made changes - 11/Aug/2017 5:01 PM

Security

Original: Reporter and Atlassian Staff [ 10751 ]

David Black made changes - 11/Aug/2017 12:14 AM

Description

Original: SourceTree for Windows is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 0.8.4b of SourceTree for Windows this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

New: SourceTree for Windows is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 0.8.4b of SourceTree for Windows this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler. *Affected versions:* * Versions of SourceTree for Windows starting with 0.5.1.0 before version 2.1.10 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Windows to version 2.1.10 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

David Black made changes - 11/Aug/2017 12:13 AM

Description

Original: SourceTree for Windows is affected by a remote code execution vulnerability via Distributed Version Control Systems (DVCS). The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Windows starting with 0.5.1.0 before version 2.1.10 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Windows to version 2.1.10 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

New: SourceTree for Windows is affected by vulnerabilities found in the Git and Mercurial software. This vulnerability can be triggered through a malicious repository when it is checked out using SourceTree. From version 0.8.4b of SourceTree for Windows this vulnerability can be triggered from a webpage through the use of the SourceTree URI handler. *Affected versions:* * Versions of SourceTree for macOS starting with 1.0b2 before version 2.6.1 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for macOS to version 2.6.1 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

David Black made changes - 10/Aug/2017 11:58 PM

Labels

Original: advisory cvss-critical rce security

New: CVE-2017-1000115 CVE-2017-1000116 CVE-2017-1000117 advisory cvss-critical rce security

David Black made changes - 10/Aug/2017 11:56 PM

Summary

Original: DVCS Remote Code Execution (CVE-2017-XXXX)

New: Remote Code Execution via Git and Mercurial - (CVE-2017-1000117, CVE-2017-1000115, CVE-2017-1000116)

Matt Hart (Inactive) made changes - 10/Aug/2017 11:40 PM

Description

Original: SourceTree for Windows is affected by a remote code execution vulnerability via Distributed Version Control Systems (DVCS). The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Windows starting with 0.5.1.0 before version 2.1.9 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Windows to version 2.1.9 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

New: SourceTree for Windows is affected by a remote code execution vulnerability via Distributed Version Control Systems (DVCS). The vulnerability can be triggered through a browser or the SourceTree interface. *Affected versions:* * Versions of SourceTree for Windows starting with 0.5.1.0 before version 2.1.10 are affected by this vulnerability. *Fix:* * Upgrade SourceTree for Windows to version 2.1.10 or higher from https://www.sourcetreeapp.com/   For additional details see [the full advisory|https://confluence.atlassian.com/x/c-mdNw].

Load more older history items