CVE-2024-21697

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Nov 19, 2024

Summary

CVE-2024-21697 is a high severity Remote Code Execution (RCE) vulnerability affecting versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. With a CVSS Score of 8.8, this RCE vulnerability allows unauthenticated attackers to execute arbitrary code, resulting in significant impact to confidentiality, integrity, and availability. User interaction is required for exploitation. Atlassian urges users to upgrade to the latest versions of Sourcetree for Mac (greater than or equal to 4.2.9) and Sourcetree for Windows (greater than or equal to 3.4.20) to mitigate this vulnerability. Users unable to upgrade immediately should consider upgrading to a supported fixed version. This vulnerability was identified through Atlassian's Penetration Testing program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database