Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-21697

Опубликовано: 19 нояб. 2024
Источник: nvd
CVSS3: 8.8
CVSS3: 8.8
EPSS Низкий

Описание

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows.

This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.

Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac 4.2: Upgrade to a release greater than or equal to 4.2.9 Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.20

See the release notes ([https://www.sourcetreeapp.com/download-archives]). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center ([https://www.sour

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:sourcetree:3.4.19:*:*:*:*:windows:*:*
cpe:2.3:a:atlassian:sourcetree:4.2.8:*:*:*:*:macos:*:*

EPSS

Процентиль: 84%
0.02211
Низкий

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-v826-2933-8r2h

CVSS3: 8.8
github
около 1 года назад

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac 4.2: Upgrade to a release greater than or equal to 4.2.9 Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.20 See the release notes ([https://www.sourcetreeapp.com/download-archives]). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center ([https://www.sourcetre...

fstec логотип

BDU:2024-10241

CVSS3: 8.8
fstec
около 1 года назад

Уязвимость визуального Git-клиента SourceTree, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 84%
0.02211
Низкий

8.8 High

CVSS3

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo