Atlassian Sourcetree For Mac & Windows Flaw Let Attackers Execute Remote Code

A critical security vulnerability has been discovered in Atlassian’s popular version control client, Sourcetree, affecting both Mac and Windows versions.

The flaw, identified as CVE-2024-21697, allows unauthenticated attackers to execute arbitrary code remotely, posing a significant risk to users.

The vulnerability, which carries a high severity rating with a CVSS score of 8.8, was introduced in Sourcetree for Mac version 4.2.8 and Sourcetree for Windows version 3.4.19.

This remote code execution (RCE) flaw has the potential to compromise the confidentiality, integrity, and availability of affected systems.

Security researchers have warned that successful exploitation of this vulnerability could grant attackers full control over the targeted systems.

Atlassian, the company behind Sourcetree, has responded swiftly to the security threat. They have released patches to address the vulnerability and are strongly urging all users to update their software immediately.


Flaw Profile

  • CVE ID: CVE-2024-21697
  • Affects Version/s: 4.2.8, 3.4.19
  • CVSS Score: 8.8
  • CVSS Severity: High
  • Vulnerability Source: Penetration Testing
  • Vulnerability Classes: RCE (Remote Code Execution), Security Misconfiguration
  • Affected Product(s): Sourcetree for Mac, Sourcetree for Windows

The attack vector requires user interaction, but the specifics of how the vulnerability can be triggered have not been disclosed to prevent further exploitation.

The fixed versions are:

  • Sourcetree for Mac: Version 4.2.9 or later
  • Sourcetree for Windows: Version 3.4.20 or later

Users who are unable to upgrade to the latest versions are advised to update to these specific patched releases at a minimum.

This security issue is part of a larger set of vulnerabilities addressed in Atlassian’s November 2024 Security Bulletin. The bulletin includes details on 19 high-severity vulnerabilities that have been fixed across various Atlassian products.

The discovery of this vulnerability highlights the ongoing challenges in software security, particularly for widely used development tools.

Atlassian has not reported any instances of this vulnerability being exploited in the wild. Nonetheless, given the severity and potential impact of the flaw, users are strongly encouraged to take immediate action to protect their systems.

For those using Sourcetree in their development workflows, it is crucial to verify the version currently in use and update as soon as possible. Users can download the latest versions of Sourcetree for both Mac and Windows from the official Atlassian website.
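For teams checking many workstations at once, the version check can be scripted. The following is an added example, not code from Atlassian or from the original article: it triages a software-inventory export against the version boundaries quoted above. The function names, status labels and inventory rows are hypothetical, and it assumes a trailing build number (such as `3.4.19.0`) can be ignored.

```python
import re

# Boundaries quoted in the article: release that introduced the flaw, first fixed release.
ADVISORY = {
    "mac": {"introduced": (4, 2, 8), "fixed": (4, 2, 9)},
    "windows": {"introduced": (3, 4, 19), "fixed": (3, 4, 20)},
}

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad short versions ("4.2" -> 4.2.0); drop a 4th build field (assumption).
    return tuple((parts + [0, 0, 0])[:3])

def triage(platform, version_text):
    """Classify one install against CVE-2024-21697 using the article's version numbers."""
    bounds = ADVISORY.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if bounds is None or version is None:
        return "unknown"        # cannot decide automatically: inspect the host by hand
    if version < bounds["introduced"]:
        return "predates-flaw"  # older than the release that introduced the flaw
    if version < bounds["fixed"]:
        return "vulnerable"
    return "fixed"

def audit(inventory):
    """Group host names by triage status."""
    report = {}
    for host, platform, version_text in inventory:
        report.setdefault(triage(platform, version_text), []).append(host)
    return report

# Constructed sample rows: (host, platform, Sourcetree version reported by inventory)
SAMPLE_INVENTORY = [
    ("dev-mac-01", "Mac", "4.2.8"),
    ("dev-mac-02", "mac", "4.2.10"),
    ("dev-win-01", "Windows", "3.4.19.0"),
    ("dev-win-02", "windows", "3.4.20"),
    ("dev-win-03", "windows", "3.4.18"),
    ("build-07", "windows", "not installed"),
]

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown` need a manual check rather than being treated as safe.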

Moreover, cybersecurity best practices should be followed, including keeping all software up to date, being cautious when interacting with unknown or suspicious content, and maintaining robust security measures across development environments.
