Customers who have downloaded and installed Sourcetree for macOS before version 3.1.1 or Sourcetree for Windows before version 3.0.17 are affected.

Please upgrade to fix this vulnerability.

Mercurial hooks vulnerability - CVE-2018-20234 and CVE-2018-20235

Severity

Atlassian rates the severity level of this vulnerability as critical, according to the scale published in. The scale allows us to rank the severity as critical, high, moderate or low.

This is our assessment and you should evaluate how it applies to your own IT environment.

Description

Sourcetree for macOS before version 3.1.1 and Sourcetree for Windows before version 3.0.15 were vulnerable to CVE-2018-20234 and CVE-2018-20235 respectively. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS or Windows is able to exploit this issue to gain code execution on the system.

Versions of Sourcetree for macOS starting with 1.2 before version 3.1.1 are affected by this vulnerability. This issue can be tracked here:

- Argument Injection via Mercurial hooks in Sourcetree for macOS - CVE-2018-20234 CLOSED

Versions of Sourcetree for Windows starting with 0.5a before version 3.0.15 are affected by this vulnerability. This issue can be tracked here:

- Argument Injection via Mercurial hooks in Sourcetree for Windows - CVE-2018-20235 CLOSED

Acknowledgements

Credit for finding this vulnerability goes to Terry Zhang (pnig0s) at Tophant.

Fix

We have taken the following steps to address this issue:

- Released Sourcetree for Windows version 3.0.15 that contains a fix for this issue.
- Released Sourcetree for macOS version 3.1.1 that contains a fix for this issue.

Git submodules vulnerability - CVE-2018-17456

Severity

Atlassian rates the severity level of this vulnerability as critical, according to the scale published in. The scale allows us to rank the severity as critical, high, moderate or low.

This is our assessment and you should evaluate how it applies to your own IT environment.

Description

Sourcetree for macOS before version 3.1.1 and Sourcetree for Windows before version 3.0.17 were both vulnerable to CVE-2018-17456. A remote attacker with permission to commit to a git repository linked in Sourcetree for macOS or Windows is able to exploit this issue to gain code execution on the system.

Versions of Sourcetree for macOS starting with 1.2 before version 3.1.1 are affected by this vulnerability. This issue can be tracked here:

- Input validation vulnerability via Git in Sourcetree for Mac - CVE-2018-17456 CLOSED

Versions of Sourcetree for Windows starting with 0.5a before version 3.0.17 are affected by this vulnerability. This issue can be tracked here:

- Input validation vulnerability via Git in Sourcetree for Windows - CVE-2018-17456 CLOSED

Acknowledgements

Credit for finding this vulnerability goes to Terry Zhang (pnig0s) at Tophant.

Fix

We have taken the following steps to address this issue:

- Released Sourcetree for macOS version 3.1.1 that contains a fix for this issue.
- Released Sourcetree for Windows version 3.0.17 that contains a fix for this issue.

URI handling vulnerability - CVE-2018-20236

Severity

Atlassian rates the severity level of this vulnerability as critical, according to the scale published in. The scale allows us to rank the severity as critical, high, moderate or low.

This is our assessment and you should evaluate how it applies to your own IT environment.

Description

Sourcetree for Windows before version 3.0.10 was vulnerable to CVE-2018-20236. A remote attacker able to send a URI to a Sourcetree for Windows user is able to exploit this issue to gain code execution on the system.

Versions of Sourcetree for Windows starting with 0.5a before version 3.0.10 are affected by this vulnerability. This issue can be tracked here:

- Command Injection via URI handling in Sourcetree for Windows - CVE-2018-20236 CLOSED

Acknowledgements

Credit for finding this vulnerability goes to Terry Zhang (pnig0s) at Tophant.

Fix

We have taken the following steps to address this issue:

- Released Sourcetree for Windows version 3.0.10 that contains a fix for this issue.

What You Need to Do

- Upgrade Sourcetree for Windows to version 3.0.17 or higher.
- Upgrade Sourcetree for macOS to version 3.1.1 or higher.

Atlassian recommends that you upgrade to the latest version. For a full description of the latest version of Sourcetree for macOS, see the.
For a full description of the latest version of Sourcetree for Windows, see the. You can download the latest version of Sourcetree from the.

Support

If you did not receive an email for this advisory and you wish to receive such emails in the future go to and subscribe to Alerts emails.

If you have questions or concerns regarding this advisory, please raise a support request at.

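A fleet triage check built from the affected-version ranges stated in this advisory (an added example, not part of Atlassian's advisory). The host names and inventory are constructed, and the version parser is a simplification that ignores letter suffixes such as the "a" in 0.5a.

```python
import re

# (platform, CVE, first affected version, first fixed version), as stated in the advisory
ADVISORY = [
    ("macos",   "CVE-2018-20234", "1.2",  "3.1.1"),
    ("windows", "CVE-2018-20235", "0.5a", "3.0.15"),
    ("macos",   "CVE-2018-17456", "1.2",  "3.1.1"),
    ("windows", "CVE-2018-17456", "0.5a", "3.0.17"),
    ("windows", "CVE-2018-20236", "0.5a", "3.0.10"),
]

def parse_version(text):
    """Turn '3.0.8' or '0.5a' into a comparable int tuple (letter suffixes dropped)."""
    parts = []
    for comp in text.strip().split("."):
        m = re.match(r"\d+", comp)
        if not m:
            raise ValueError(f"unparseable version component: {comp!r}")
        parts.append(int(m.group()))
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 1.2 compares as 1.2.0

def affected_cves(platform, version):
    """CVEs from this advisory that apply to one installed Sourcetree version."""
    v = parse_version(version)
    return sorted(
        cve for plat, cve, first, fixed in ADVISORY
        if plat == platform.lower() and parse_version(first) <= v < parse_version(fixed)
    )

def minimum_safe_version(platform):
    """Lowest version that clears every issue in the advisory for this platform."""
    fixes = [fixed for plat, _, _, fixed in ADVISORY if plat == platform.lower()]
    return max(fixes, key=parse_version)

def triage(inventory):
    """Return (host, cves, upgrade target) for every host that is still exposed."""
    return [(host, affected_cves(plat, ver), minimum_safe_version(plat))
            for host, plat, ver in inventory if affected_cves(plat, ver)]

# Constructed inventory: (host, platform, installed Sourcetree version)
INVENTORY = [
    ("build-01", "windows", "3.0.8"), ("dev-mac-07", "macos", "3.0.1"),
    ("dev-win-12", "windows", "3.0.15"), ("dev-win-20", "windows", "3.0.17"),
    ("dev-mac-09", "macos", "3.1.1"),
]

if __name__ == "__main__":
    for host, cves, target in triage(INVENTORY):
        print(f"{host}: upgrade to {target} or higher ({', '.join(cves)})")
```

A Windows host on 3.0.15 is still reported, because that release fixes the Mercurial hooks and URI handling issues but not CVE-2018-17456.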
SourceTree is a fast and easy way to work with Git and Mercurial. Easily utilise both distributed version control systems from one application. Work with your, Bitbucket, and Kiln accounts without leaving the application. Also works with Subversion servers too! Atlassian has acquired SourceTree, and it is now free for a limited time!

Full-powered DVCS

Say goodbye to the command line – use the full capability of Git and Mercurial in the SourceTree desktop app. Manage all your repositories, hosted or local, through the tool's simple interface.

Perfect for newcomers

Simplify DVCS for your team. The app can bring everyone up to speed with Git and Mercurial. Create, clone, commit, push, pull, merge, and more are all just a click away.

Powerful enough for experts

Make advanced Git and Mercurial devs even more productive. Review your outgoing and incoming changesets, cherry-pick between branches, patch handling, rebase, stash, shelve, and much more.

Git-flow and Hg-flow out of the box

Use Git-flow and Hg-flow with ease. Keep your repositories cleaner and your development more efficient with SourceTree's intuitive interface to Git and Hg's 'branchy' development model. A consistent development process, right out of the box!

Note: Requires.

Also Available.