Vulnerability Details : CVE-2018-5226
Sourcetree for Windows contained an argument injection vulnerability triggered via the name of a Mercurial repository tag that is about to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows can exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
Products affected by CVE-2018-5226
- cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-5226
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~41% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-5226
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2018-5226
- https://jira.atlassian.com/browse/SRCTREEWIN-8509
  [SRCTREEWIN-8509] Argument injection via Mercurial tag names on Windows - CVE-2018-5226 (Vendor Advisory)