CVE-2018-13385

CWE-883 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 37.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Sourcetree FOR MacosAtlassian Sourcetree
Timeline
PublishedJul 24
Latest updateMay 13

Description

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5atlassian/sourcetree_for_macosunspecified2.7.6
NVDatlassian/sourcetree1.02.7.6+1

🔴Vulnerability Details

2
GHSA
GHSA-qmx8-jjxc-9jwh: There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories2022-05-13
CVEList
CVE-2018-13385: There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories2018-07-24
CVE-2018-13385 (CRITICAL CVSS 9.8) | There was an argument injection vul | cvebase.io