Remote Code Execution Vulnerability in Sourcetree for Mac and Windows by Atlassian
CVE-2023-22514

7.8HIGH

Key Information:

Vendor: Atlassian
Status: Sourcetree For Mac; Sourcetree For Windows
Vendor: CVE Published:; 16 January 2024

Summary

An RCE vulnerability has been identified in Sourcetree for both Mac and Windows, beginning from version 3.4.14. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, impacting confidentiality, integrity, and availability. Users are strongly advised to upgrade to versions greater than or equal to 3.4.15 to mitigate this risk. For those unable to upgrade immediately, consulting the specified supported fixed versions is recommended. Details on the necessary actions and downloadable updates can be found in the release notes.

Affected Version(s)

Sourcetree for Mac >= 3.4.14 < 3.4.14

Sourcetree for Windows >= 3.4.14 < 3.4.14

Sourcetree for Mac < 3.4.14 < 3.4.14

References

https://confluence.atlassian.com/pages/viewpage.action?pa...

https://jira.atlassian.com/browse/SRCTREE-8076

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Jan 1, 2023