CVE-2018-13397

3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 35.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Sourcetree FOR Windows Atlassian Sourcetree

Timeline

PublishedNov 5

Latest updateMay 13

Description

There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5atlassian/sourcetree_for_windows0.5.1.0 — unspecified+1

▶NVDatlassian/sourcetree0.5.1.0 — 3.0.0

🔴Vulnerability Details

GHSA

GHSA-5jh9-6vv3-xc89: There was an argument injection vulnerability in Sourcetree for Windows from version 0↗2022-05-13

▶

CVEList

CVE-2018-13397: There was an argument injection vulnerability in Sourcetree for Windows from version 0↗2018-11-05

▶