Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-14592

Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.

Published

2018-01-26T02:29:02.313

Last Modified

2024-11-21T03:13:09.977

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-77
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application atlassian sourcetree < 2.7 Yes
Application atlassian sourcetree 1.0 Yes
Application atlassian sourcetree 1.0 Yes
Application atlassian sourcetree 1.0 Yes
Application atlassian sourcetree 1.0 Yes
Application atlassian sourcetree 1.0 Yes
References