This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.
Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Sourcetree for Mac 4.2: Upgrade to a release greater than or equal to 4.2.9
Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.20
See the release notes ([https://www.sourcetreeapp.com/download-archives]). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center ([https://www.sourcetreeapp.com/download-archives]).
This vulnerability was reported via our Penetration Testing program.
Metrics
Affected Vendors & Products
References
History
Wed, 20 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Atlassian
Atlassian sourcetree |
|
CPEs | cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:* cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:* |
|
Vendors & Products |
Atlassian
Atlassian sourcetree |
|
Metrics |
ssvc
|
Tue, 19 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac 4.2: Upgrade to a release greater than or equal to 4.2.9 Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.20 See the release notes ([https://www.sourcetreeapp.com/download-archives]). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center ([https://www.sourcetreeapp.com/download-archives]). This vulnerability was reported via our Penetration Testing program. | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2024-11-19T19:00:00.635Z
Updated: 2024-11-25T14:04:49.167Z
Reserved: 2024-01-01T00:05:33.848Z
Link: CVE-2024-21697
Vulnrichment
Updated: 2024-11-20T15:45:58.332Z
NVD
Status : Awaiting Analysis
Published: 2024-11-19T19:15:07.937
Modified: 2024-11-19T21:56:45.533
Link: CVE-2024-21697
Redhat
No data.