CVE-2018-5226

3 documents3 sources
Severity
8.8HIGH
EPSS
0.5%
top 32.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Sourcetree WindowsAtlassian Sourcetree
Timeline
PublishedApr 25
Latest updateMay 13

Description

There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5atlassian/sourcetree_windowsunspecified2.5.5.0
NVDatlassian/sourcetree< 2.5.5.0

🔴Vulnerability Details

2
GHSA
GHSA-4rr7-7xpx-xq3f: There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted2022-05-13
CVEList
CVE-2018-5226: There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted2018-04-25
CVE-2018-5226 (HIGH CVSS 8.8) | There was an argument injection vul | cvebase.io