CVE-2017-14593

CVE Database · CVE-2017-14593

CVE-2017-14593

· N/AModified

CVSS v3.1

N/A

EPSS

5.52%

Published

Jan 25, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability

Weaknesses (CWE)

CWE-77

Affected Products (1)

atlassian · sourcetree (up to 2.4.7.0)vulnerable

References (6)

http://www.securityfocus.com/bid/102926

Third Party AdvisoryVDB Entry

https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html

Third Party Advisory

https://jira.atlassian.com/browse/SRCTREEWIN-8256

Third Party Advisory

http://www.securityfocus.com/bid/102926

Third Party AdvisoryVDB Entry

https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html

Third Party Advisory

https://jira.atlassian.com/browse/SRCTREEWIN-8256

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs