CVE-2018-13386

CWE-883 documents3 sources
Severity
8.1HIGH
EPSS
0.4%
top 37.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Sourcetree FOR WindowsAtlassian Sourcetree
Timeline
PublishedJul 24
Latest updateMay 13

Description

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5atlassian/sourcetree_for_windowsunspecified2.6.9

🔴Vulnerability Details

2
GHSA
GHSA-qhw8-cj7p-3gxh: There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories2022-05-13
CVEList
CVE-2018-13386: There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories2018-07-24
CVE-2018-13386 (HIGH CVSS 8.1) | There was an argument injection vul | cvebase.io