Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Sourcetree for macOS by Atlassian

    CVE-2018-20234 (GCVE-0-2018-20234)

    Vulnerability from nvd – Published: 2019-03-08 18:00 – Updated: 2024-09-16 23:30
    VLAI
    Summary
    There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: 1.2 , < unspecified (custom)
    Affected: unspecified , < 3.1.1 (custom)
    Create a notification for this product.
    Date Public
    2019-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:58:18.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-6391"
              },
              {
                "name": "107414",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107414"
              },
              {
                "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Mar/30"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-21T15:06:05.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-6391"
            },
            {
              "name": "107414",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107414"
            },
            {
              "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Mar/30"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-03-06T00:00:00",
              "ID": "CVE-2018-20234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-6391",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-6391"
                },
                {
                  "name": "107414",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107414"
                },
                {
                  "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Mar/30"
                },
                {
                  "name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-20234",
        "datePublished": "2019-03-08T18:00:00.000Z",
        "dateReserved": "2018-12-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:30:34.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13396 (GCVE-0-2018-13396)

    Vulnerability from nvd – Published: 2018-11-05 22:00 – Updated: 2024-09-16 21:03
    VLAI
    Summary
    There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    URL Tags
    https://jira.atlassian.com/browse/SRCTREE-5985 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: 1.0b2 , < unspecified (custom)
    Affected: unspecified , < 3.0.0 (custom)
    Create a notification for this product.
    Date Public
    2018-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-5985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.0b2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-05T21:57:02.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-5985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-10-31T00:00:00",
              "ID": "CVE-2018-13396",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.0b2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-5985",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-5985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-13396",
        "datePublished": "2018-11-05T22:00:00.000Z",
        "dateReserved": "2018-07-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:03:34.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13385 (GCVE-0-2018-13385)

    Vulnerability from nvd – Published: 2018-07-24 13:00 – Updated: 2024-09-16 22:08
    VLAI
    Summary
    There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    URL Tags
    https://jira.atlassian.com/browse/SRCTREE-5846 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: unspecified , < 2.7.6 (custom)
    Create a notification for this product.
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-5846"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "2.7.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-24T12:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-5846"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-07-18T00:00:00",
              "ID": "CVE-2018-13385",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.7.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-5846",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-5846"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-13385",
        "datePublished": "2018-07-24T13:00:00.000Z",
        "dateReserved": "2018-07-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:08:24.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14592 (GCVE-0-2017-14592)

    Vulnerability from nvd – Published: 2018-01-26 02:00 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: Versions starting with 1.0b2 before version 2.7.0
    Create a notification for this product.
    Date Public
    2018-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:38.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-5243"
              },
              {
                "name": "102926",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102926"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions starting with 1.0b2 before version 2.7.0"
                }
              ]
            }
          ],
          "datePublic": "2018-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-07T10:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-5243"
            },
            {
              "name": "102926",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102926"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-01-24T00:00:00",
              "ID": "CVE-2017-14592",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions starting with 1.0b2 before version 2.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-5243",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-5243"
                },
                {
                  "name": "102926",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102926"
                },
                {
                  "name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
                  "refsource": "CONFIRM",
                  "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2017-14592",
        "datePublished": "2018-01-26T02:00:00.000Z",
        "dateReserved": "2017-09-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:36.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20234 (GCVE-0-2018-20234)

    Vulnerability from cvelistv5 – Published: 2019-03-08 18:00 – Updated: 2024-09-16 23:30
    VLAI
    Summary
    There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: 1.2 , < unspecified (custom)
    Affected: unspecified , < 3.1.1 (custom)
    Create a notification for this product.
    Date Public
    2019-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:58:18.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-6391"
              },
              {
                "name": "107414",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107414"
              },
              {
                "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Mar/30"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-21T15:06:05.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-6391"
            },
            {
              "name": "107414",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107414"
            },
            {
              "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Mar/30"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-03-06T00:00:00",
              "ID": "CVE-2018-20234",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-6391",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-6391"
                },
                {
                  "name": "107414",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107414"
                },
                {
                  "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Mar/30"
                },
                {
                  "name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-20234",
        "datePublished": "2019-03-08T18:00:00.000Z",
        "dateReserved": "2018-12-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:30:34.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13396 (GCVE-0-2018-13396)

    Vulnerability from cvelistv5 – Published: 2018-11-05 22:00 – Updated: 2024-09-16 21:03
    VLAI
    Summary
    There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    URL Tags
    https://jira.atlassian.com/browse/SRCTREE-5985 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: 1.0b2 , < unspecified (custom)
    Affected: unspecified , < 3.0.0 (custom)
    Create a notification for this product.
    Date Public
    2018-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-5985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.0b2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-05T21:57:02.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-5985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-10-31T00:00:00",
              "ID": "CVE-2018-13396",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.0b2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-5985",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-5985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-13396",
        "datePublished": "2018-11-05T22:00:00.000Z",
        "dateReserved": "2018-07-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:03:34.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13385 (GCVE-0-2018-13385)

    Vulnerability from cvelistv5 – Published: 2018-07-24 13:00 – Updated: 2024-09-16 22:08
    VLAI
    Summary
    There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    URL Tags
    https://jira.atlassian.com/browse/SRCTREE-5846 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: unspecified , < 2.7.6 (custom)
    Create a notification for this product.
    Date Public
    2018-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.151Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-5846"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "2.7.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-24T12:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-5846"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-07-18T00:00:00",
              "ID": "CVE-2018-13385",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.7.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-5846",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-5846"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-13385",
        "datePublished": "2018-07-24T13:00:00.000Z",
        "dateReserved": "2018-07-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:08:24.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14592 (GCVE-0-2017-14592)

    Vulnerability from cvelistv5 – Published: 2018-01-26 02:00 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Sourcetree for macOS Affected: Versions starting with 1.0b2 before version 2.7.0
    Create a notification for this product.
    Date Public
    2018-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:38.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/SRCTREE-5243"
              },
              {
                "name": "102926",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102926"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Sourcetree for macOS",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions starting with 1.0b2 before version 2.7.0"
                }
              ]
            }
          ],
          "datePublic": "2018-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-07T10:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/SRCTREE-5243"
            },
            {
              "name": "102926",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102926"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-01-24T00:00:00",
              "ID": "CVE-2017-14592",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Sourcetree for macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions starting with 1.0b2 before version 2.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/SRCTREE-5243",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/SRCTREE-5243"
                },
                {
                  "name": "102926",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102926"
                },
                {
                  "name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
                  "refsource": "CONFIRM",
                  "url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2017-14592",
        "datePublished": "2018-01-26T02:00:00.000Z",
        "dateReserved": "2017-09-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:36.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }