Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-13386

EPSS 0.43% · P63
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-13386

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Atlassian Sourcetree for Windows 参数注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Atlassian Sourcetree for Windows是澳大利亚Atlassian公司一款基于Windows平台的免费的Git和Mercurial客户端工具,它能够利用可视化界面管理存储库。 基于Windows平台的Sourcetree中存在参数注入漏洞。攻击者可借助Mercurial库中的文件名利用该漏洞在系统上执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AtlassianSourcetree for Windows unspecified ~ 2.6.9 -

II. Public POCs for CVE-2018-13386

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-13386

登录查看更多情报信息。

Same Patch Batch · Atlassian · 2018-07-24 · 3 CVEs total

CVE-2017-18104Atlassian Jira Webhooks组件安全漏洞
CVE-2018-13385Atlassian Sourcetree for macOS 安全漏洞

IV. Related Vulnerabilities

Same product: Sourcetree for Windows
Same vendor: Atlassian

V. Comments for CVE-2018-13386

No comments yet

Leave a comment