Remote Code Execution Vulnerability in Sourcetree for Mac and Windows by Atlassian
CVE-2023-22514

7.8HIGH

Key Information:

Vendor
Atlassian
Vendor
CVE Published:
16 January 2024

Summary

An RCE vulnerability has been identified in Sourcetree for both Mac and Windows, beginning from version 3.4.14. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, impacting confidentiality, integrity, and availability. Users are strongly advised to upgrade to versions greater than or equal to 3.4.15 to mitigate this risk. For those unable to upgrade immediately, consulting the specified supported fixed versions is recommended. Details on the necessary actions and downloadable updates can be found in the release notes.

Affected Version(s)

Sourcetree for Mac >= 3.4.14 < 3.4.14

Sourcetree for Windows >= 3.4.14 < 3.4.14

Sourcetree for Mac < 3.4.14 < 3.4.14

References

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.