Sourcetree uses Git, which uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline could inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., ) for an HTTP request being made to another server (e.g., ), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any hostname to a hostname of their choosing.

Atlassian has given this vulnerability a critical rating. This rating was given according to the Atlassian security levels, which rank vulnerabilities as critical, high, moderate, or low severity. This is our assessment and you should evaluate its applicability to your own IT environment.

Customers who have downloaded and installed any of the Sourcetree for Windows and Mac versions listed above ("Affected Sourcetree versions") are affected. Please upgrade your Sourcetree for Windows and Mac immediately to fix this vulnerability.
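
The newline injection described above can be reproduced in a simplified model of the `key=value` line stream sent to a credential helper, with the unchecked serializer beside a hardened one. This is an added example, not Git's or Sourcetree's code; the function names, the "last key wins" parsing and the `.example` URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Characters that would end or split a "key=value" line in the helper stream.
LINE_BREAKERS = ("\n", "\r", "\0")

# Constructed sample URLs using reserved .example names (not from the advisory).
BENIGN_URL = "https://first.example/team/repo.git"
CRAFTED_URL = "https://second.example/repo%0Ahost=first.example"


def credential_fields(url):
    """Percent-decode the URL parts that are sent to a credential helper."""
    parts = urlsplit(url)
    fields = {"protocol": parts.scheme, "host": unquote(parts.netloc)}
    path = unquote(parts.path.lstrip("/"))
    if path:
        fields["path"] = path
    return fields


def serialize_unchecked(fields):
    """Vulnerable form: values are written without looking for line breaks."""
    return "".join(f"{key}={value}\n" for key, value in fields.items())


def serialize_checked(fields):
    """Hardened form: refuse any value that could start a new protocol line."""
    for key, value in fields.items():
        if any(ch in value for ch in LINE_BREAKERS):
            raise ValueError(f"line break in credential field {key!r}")
    return serialize_unchecked(fields)


def helper_view(stream):
    """Parse the stream as a helper might: one key=value per line, last one wins."""
    seen = {}
    for line in stream.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            seen[key] = value
    return seen


def host_mismatch(url):
    """True when the helper would look up a host other than the one in the URL."""
    fields = credential_fields(url)
    return helper_view(serialize_unchecked(fields))["host"] != fields["host"]
```

`host_mismatch` also works as a pre-flight check on URLs found in clone commands or submodule configuration on clients that have not yet been upgraded.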