CVE-2017-8768

CVE Database · CVE-2017-8768

CVE-2017-8768

· N/AModified

CVSS v3.1

N/A

EPSS

8.26%

Published

May 4, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.

Weaknesses (CWE)

CWE-78

Affected Products (1)

atlassian · sourcetreevulnerable

References (8)

http://openwall.com/lists/oss-security/2017/05/03/5

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2017/May/10

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/98329

Third Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=SQ1_Ht-0Bdo

Third Party Advisory

http://openwall.com/lists/oss-security/2017/05/03/5

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2017/May/10

KEV Catalog EPSS Scores Vendors All CVEs