Atlassian Sourcetree RCE Vulnerability (CVE-2024-21697) Advisory

Key Information Vulnerability Description Type: Public Security Vulnerability Priority: High Affected Versions: 4.2.8, 3.4.19 Component: None Tags: advisory, advisory-to-release, dont-import, security CVSS Score: 8.8 CVSS Severity: High CVE ID: CVE-2024-21697 Vulnerability Source: Penetration Testing Vulnerability Type: RCE (Remote Code Execution), Security Misconfiguration Affected Products: Sourcetree for Mac, Sourcetree for Windows Impact Description: This high-severity RCE (Remote Code Execution) vulnerability was introduced in Sourcetree for Mac version 4.2.8 and Sourcetree for Windows version 3.4.19. Impact: Allows unauthorized attackers to execute arbitrary code, with high impact on confidentiality, integrity, and availability, and requires user interaction. Recommendation: Atlassian recommends that users of Sourcetree for Mac and Sourcetree for Windows upgrade to the latest version. If upgrading is not possible, users should upgrade to the specified supported fixed versions: - Sourcetree for Mac 4.2: Upgrade to 4.2.9 or higher - Sourcetree for Windows 3.4: Upgrade to 3.4.20 or higher References Release Notes: https://www.sourcetreeapp.com/download-archives Download Center: https://www.sourcetreeapp.com/download-archives Reporting Method Reporting Method: Reported via penetration testing program.

Goal Reached Thanks to every supporter — we hit 100%!

Atlassian Sourcetree RCE Vulnerability (CVE-2024-21697) Advisory