exploitDog

CVE-2018-13386

Опубликовано: 24 июл. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.

Ссылки

https://jira.atlassian.com/browse/SRCTREEWIN-8884
Vendor Advisory
https://jira.atlassian.com/browse/SRCTREEWIN-8884
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*

Версия до 2.6.9 (исключая)

EPSS

Процентиль: 63%

0.00457

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-qhw8-cj7p-3gxh

CVSS3: 8.1

github

больше 3 лет назад

There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.

EPSS

Процентиль: 63%

0.00457

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-88