CVE-2024-21697: Atlassian Sourcetree for Mac vulnerability

4 documents, 4 sources
Severity: 8.8 HIGH (NVD)
EPSS: 3.0% (top 13.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19

Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customer

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | atlassian/sourcetree_for_windows | All versions from 3.4.19 to 3.4.19
NVD | atlassian/sourcetree | 3.4.19, 4.2.8 +1
CVEListV5 | atlassian/sourcetree_for_mac | All versions from 4.2.8 to 4.2.8

🔴 Vulnerability Details (2)

GHSA | GHSA-v826-2933-8r2h: This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4 | 2024-11-19
CVEList | CVE-2024-21697: This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4 | 2024-11-19

📋 Vendor Advisories (1)

Atlassian | CVE-2024-21697: RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows | 2024-11-19
CVE-2024-21697 — Atlassian vulnerability | cvebase