Remote Code Execution Vulnerability in Sourcetree for Mac and Windows by Atlassian
CVE-2023-22514
7.8HIGH
Key Information:
- Vendor
- Atlassian
- Vendor
- CVE Published:
- 16 January 2024
Summary
An RCE vulnerability has been identified in Sourcetree for both Mac and Windows, beginning from version 3.4.14. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, impacting confidentiality, integrity, and availability. Users are strongly advised to upgrade to versions greater than or equal to 3.4.15 to mitigate this risk. For those unable to upgrade immediately, consulting the specified supported fixed versions is recommended. Details on the necessary actions and downloadable updates can be found in the release notes.
Affected Version(s)
Sourcetree for Mac >= 3.4.14 < 3.4.14
Sourcetree for Windows >= 3.4.14 < 3.4.14
Sourcetree for Mac < 3.4.14 < 3.4.14
References
CVSS V3.0
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved