CVE-2018-13396

3 documents3 sources
Severity
8.8HIGH
EPSS
0.5%
top 36.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Sourcetree FOR MacosAtlassian Sourcetree
Timeline
PublishedNov 5
Latest updateMay 13

Description

There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5atlassian/sourcetree_for_macos1.0b2unspecified+1
NVDatlassian/sourcetree1.03.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-m9xm-c5p7-mr3h: There was an argument injection vulnerability in Sourcetree for macOS from version 12022-05-13
CVEList
CVE-2018-13396: There was an argument injection vulnerability in Sourcetree for macOS from version 12018-11-05
CVE-2018-13396 (HIGH CVSS 8.8) | There was an argument injection vul | cvebase.io