CVE-2017-14592

CWE-77: Command Injection | 3 documents | 3 sources
Severity: 8.8 HIGH
EPSS: 2.1% (top 15.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 26
Latest update: May 13

Description

Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | atlassian/sourcetree_for_macos | Versions starting with 1.0b2 before version 2.7.0
NVD | atlassian/sourcetree | 1.0 2.7 +1

Vulnerability Details (2)

GHSA | GHSA-gpjg-fjjx-7625: Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling | 2022-05-13
CVEList | CVE-2017-14592: Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling | 2018-01-26