CVE-2023-22514

CWE-94Code Injection2 documents2 sources
Severity
7.8HIGH
EPSS
0.7%
top 26.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian SourcetreeAtlassian Sourcetree FOR MACAtlassian Sourcetree FOR Windows
Timeline
PublishedJan 16
Latest updateMar 18

Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommen

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDatlassian/sourcetree3.4.03.4.15+1
CVEListV5atlassian/sourcetree_for_mac>= 3.4.14

🔴Vulnerability Details

1
CVEList
CVE-2023-22514: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 32025-03-18
CVE-2023-22514 (HIGH CVSS 7.8) | This High severity RCE (Remote Code | cvebase.io