Sourcetree for Windows - CVE-2019-11582 - Remote Code Execution vulnerability

A vulnerability in Sourcetree for Windows has been published today. The goal of this article is to summarize the information we have gathered from Atlassian Community, as a starting point for asking further questions on Community if you need to.

 

Summary of affected versions:

Atlassian recommends all Sourcetree Windows clients using versions:

0.5a <= version <= 3.1.2

upgrade immediately to 3.1.3, which you can download from https://www.sourcetreeapp.com.

Note: Sourcetree for Mac versions are NOT affected by this vulnerability.
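For checking a list of Windows installs against the range above, the following is an added example, not Atlassian's code. The hostnames, the four-part build number, and the rule that a letter suffix such as `0.5a` sorts before the plain release are assumptions; the upper bound is tested as "below 3.1.3" so that a build suffix on 3.1.2 does not slip past the check.

```python
import re

FIRST_AFFECTED = "0.5a"   # lower bound stated in the advisory
FIXED = "3.1.3"           # first fixed release stated in the advisory
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)$")

def parse_version(text):
    """Return a sortable key for strings such as '3.1.2', '0.5a' or '3.1.2.3062'."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))   # pad so that 3.1.3 == 3.1.3.0
    # Assumption: a letter suffix marks a pre-release and sorts before the plain release.
    return (tuple(nums[:4]), 0 if m.group(2) else 1)

def triage(inventory):
    """Map each host to 'upgrade', 'ok' or 'review' (unparseable or below 0.5a)."""
    low, fixed = parse_version(FIRST_AFFECTED), parse_version(FIXED)
    result = {}
    for host, version in inventory.items():
        try:
            key = parse_version(version)
        except ValueError:
            result[host] = "review"
            continue
        if key >= fixed:
            result[host] = "ok"
        elif key >= low:
            result[host] = "upgrade"
        else:
            result[host] = "review"
    return result

# Constructed sample inventory of Windows hosts (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "3.1.2",
    "ws-02": "3.1.3",
    "ws-03": "0.5a",
    "ws-04": "3.1.2.3062",
    "ws-05": "2.6.10",
    "ws-06": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```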

 

Severity

Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low.

This is our assessment and you should evaluate its applicability to your own IT environment.

 

Description

There was a remote code execution vulnerability in Sourcetree for Windows via the URI handlers. A remote, unauthenticated attacker was required to convince a user to interact with a crafted URL in order to exploit the vulnerability. With user interaction, the attacker gained remote code execution on the target system.

All versions of Sourcetree for Windows up to and including 3.1.2 are affected by this vulnerability. More details can be found in the KB article Sourcetree Security Advisory 2019-06-05 and in the bug ticket SRCTREEWIN-11942.

 

What You Need to Do

Atlassian recommends that you upgrade to the latest version. For a full description of the latest version of Sourcetree for Windows, see the release notes. Download the latest version of Sourcetree.

Upgrade Sourcetree for Windows to version 3.1.3 or higher.

 

Mitigation

  • Atlassian recommends upgrading Sourcetree Windows to version 3.1.3 or higher.
  • Alternatively, for lower versions, please uncheck the "Use this version of Sourcetree for URI association" option under Tools > Options.

 

Asking questions

To make sure we can organize and reply to questions about this security advisory, this post is locked. We ask that you please create a new question using this link which will help us ensure that your question is not lost among other replies.
