PT-2019-10027 · Atlassian+1 · Sourcetree+1

Pnig0S

Published

2019-03-08

Updated

2020-05-11

CVE-2018-20234

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Atlassian Sourcetree for macOS versions 1.2 through 3.1.1

Description: The issue allows a remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS to exploit an argument injection vulnerability via filenames in Mercurial repositories, potentially gaining code execution on the system.

Recommendations: For Atlassian Sourcetree for macOS versions 1.2 through 3.1.1, update to version 3.1.1 or later to resolve the issue.

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2018-20234

Affected Products

Sourcetree

Mercurial

PT-2019-10027 · Atlassian+1 · Sourcetree+1

CVE-2018-20234

Weakness Enumeration

Related Identifiers

Affected Products

References · 6