High Sev RCE Vulnerability Affects Sourcetree for Mac and Windows
Upgrade to Latest Version to Mitigate Risk

CVE-2024-21697

8.8 HIGH

Key Information:

Vendor: Atlassian
CVE Published: 19 November 2024

Summary

A Remote Code Execution vulnerability exists in Sourcetree versions 4.2.8 for Mac and 3.4.19 for Windows, which enables an unauthenticated attacker to execute arbitrary code on the affected systems. This vulnerability has substantial implications, as it significantly compromises the confidentiality, integrity, and availability of the affected products. User interaction is required, which increases the risk of exploitation in environments where users may unknowingly initiate the attack vector. Atlassian strongly advises all users to upgrade to patched versions: Sourcetree for Mac should be updated to version 4.2.9 or higher, while Sourcetree for Windows should be updated to version 3.4.20 or higher to mitigate potential risks.

Affected Version(s)

Sourcetree for Mac: All versions from 4.2.8 to 4.2.8

Sourcetree for Windows: All versions from 3.4.19 to 3.4.19

Sourcetree for Mac: All versions from 4.2.9

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
