CVE-2024-21697

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Nov 19, 2024

Summary

CVE-2024-21697 is a high-severity Remote Code Execution (RCE) vulnerability affecting version 4.2.8 of Sourcetree for Mac and version 3.4.19 of Sourcetree for Windows. With a CVSS score of 8.8, it allows unauthenticated attackers to execute arbitrary code, posing significant risks to confidentiality, integrity, and availability. User interaction is required. Atlassian urges customers to upgrade to the latest versions of Sourcetree for Mac (4.2.9 or later) and Sourcetree for Windows (3.4.20 or later) to mitigate this issue. Those unable to upgrade to the latest version immediately should consider upgrading to a supported fixed version. The vulnerability was reported via Atlassian's Penetration Testing program.
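To act on the upgrade guidance above, the following added example (not code from Atlassian or from this page) triages a software inventory against the version numbers in the summary. The hostnames, CSV columns and status labels are constructed for illustration, and treating installs older than the named versions as "upgrade" is an assumption of this sketch, since the summary names only one affected version per platform.

```python
import csv
import io

# Version facts taken from the advisory summary above.
NAMED_AFFECTED = {"mac": (4, 2, 8), "windows": (3, 4, 19)}
FIRST_FIXED = {"mac": (4, 2, 9), "windows": (3, 4, 20)}

# Constructed sample inventory (hostnames and column names are hypothetical).
SAMPLE_INVENTORY = """host,platform,sourcetree_version
dev-mac-01,mac,4.2.8
dev-mac-02,mac,4.2.10
dev-win-01,windows,3.4.19
dev-win-02,windows,3.4.20
dev-win-03,windows,3.4.9
dev-win-04,windows,unknown
"""

def parse_version(text):
    """Parse 'X.Y.Z' into a tuple of ints; return None if it is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    # Pad short versions so that '4.2' compares equal to '4.2.0'.
    return tuple(nums + [0] * (3 - len(nums)))

def triage(platform, version_text):
    """Classify one install against the advisory's version numbers."""
    platform = platform.strip().lower()
    version = parse_version(version_text)
    if platform not in FIRST_FIXED or version is None:
        return "review"      # unknown platform or unparseable version
    if version >= FIRST_FIXED[platform]:
        return "fixed"       # at or above the first fixed release
    if version == NAMED_AFFECTED[platform]:
        return "affected"    # the exact version the summary names
    return "upgrade"         # below the fixed release (assumption: upgrade anyway)

def triage_inventory(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["platform"], r["sourcetree_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 3.4.9 above 3.4.20 and report an outdated Windows install as fixed.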
