Remote Code Execution Vulnerability in Sourcetree for Mac and Windows by Atlassian
CVE-2023-22514

7.8HIGH

Key Information:

Vendor

Atlassian
Status
Sourcetree For Mac
Sourcetree For Windows
Vendor
CVE Published:
16 January 2024

What is CVE-2023-22514?

An RCE vulnerability has been identified in Sourcetree for both Mac and Windows, beginning from version 3.4.14. This flaw allows unauthenticated attackers to execute arbitrary code on affected systems, impacting confidentiality, integrity, and availability. Users are strongly advised to upgrade to versions greater than or equal to 3.4.15 to mitigate this risk. For those unable to upgrade immediately, consulting the specified supported fixed versions is recommended. Details on the necessary actions and downloadable updates can be found in the release notes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sourcetree for Mac >= 3.4.14 < 3.4.14

Sourcetree for Windows >= 3.4.14 < 3.4.14

Sourcetree for Mac < 3.4.14 < 3.4.14

References

https://confluence.atlassian.com/pages/viewpage.action?pa...
https://jira.atlassian.com/browse/SRCTREE-8076

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.