CVE-2018-13385

Опубликовано: 24 июл. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.

Ссылки

https://jira.atlassian.com/browse/SRCTREE-5846
Vendor Advisory
https://jira.atlassian.com/browse/SRCTREE-5846
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:mac_os_x:*:*

Версия от 1.0 (включая) до 2.7.6 (исключая)

cpe:2.3:a:atlassian:sourcetree:1.0:beta2:*:*:*:macos:*:*

cpe:2.3:a:atlassian:sourcetree:1.0:beta3:*:*:*:macos:*:*

cpe:2.3:a:atlassian:sourcetree:1.0:beta4:*:*:*:macos:*:*

cpe:2.3:a:atlassian:sourcetree:1.0:beta5:*:*:*:macos:*:*

cpe:2.3:a:atlassian:sourcetree:1.0:rc1:*:*:*:macos:*:*

EPSS

Процентиль: 63%

0.00452

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-qmx8-jjxc-9jwh