CVE-2017-8768

Sažetak

Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.

Reference

http://openwall.com/lists/oss-security/2017/05/03/5
http://seclists.org/fulldisclosure/2017/May/10
http://www.securityfocus.com/bid/98329
https://www.youtube.com/watch?v=SQ1_Ht-0Bdo

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

17-05-2017 - 16:04

Objavljeno

04-05-2017 - 22:29