A high severity RCE (Remote Code Execution) vulnerability, CVE-2023-22514, has been identified in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This vulnerability puts your system at risk of unauthorized code execution, which may have a significant impact on the confidentiality, integrity, and availability of your data.
CVSS Score and Vector
This vulnerability is rated high severity with a CVSS score of 7.8. The CVSS vector is CVSS:3./AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Read component by component, it describes a local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R) and unchanged scope (S:U), with high impact on confidentiality, integrity and availability (C:H/I:H/A:H). In practice, an unauthenticated attacker can exploit this vulnerability to execute arbitrary code on your system, but only with the help of user interaction.
Code Snippet
Atlassian has not published code snippets or a proof of concept for this vulnerability. As a general precaution, do not share vulnerable code publicly and do not run untrusted code obtained from unknown sources.
Fixed Versions and Recommendations
Atlassian has released a patch for this vulnerability and strongly recommends that all users of Sourcetree for Mac and Sourcetree for Windows upgrade to the latest version. If you are unable to upgrade to the latest version, ensure that you upgrade your installation to one of the following supported fixed versions:
- Sourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15
You can review the release notes for additional information at https://www.sourcetreeapp.com/download-archives. To download the latest version of Sourcetree for Mac and Sourcetree for Windows, visit the download center at https://www.sourcetreeapp.com/download-archives.
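As an added example (not Atlassian's code and not part of the advisory), the following Python helper compares a Sourcetree version string against the 3.4.15 fix level named above, using tuple comparison rather than string comparison so that 3.4.9 is not mistaken for a newer build than 3.4.15; the macOS bundle path /Applications/Sourcetree.app and the CFBundleShortVersionString key it reads are assumptions.

```python
"""Compare an installed Sourcetree version against the CVE-2023-22514 fix level
(3.4.15 and later, per the advisory; 3.4.14 is the version the advisory names).
Added example, not Atlassian's code. Discovery path and plist key are assumptions."""
from __future__ import annotations

import plistlib
import re
from pathlib import Path

FIXED_VERSION = (3, 4, 15)     # advisory: upgrade to a release >= 3.4.15
AFFECTED_VERSION = (3, 4, 14)  # the version the advisory names as vulnerable


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '3.4.14', 'v3.4.15' or '3.4.15-beta1' into a comparable int tuple.
    Plain string comparison is wrong ('3.4.9' > '3.4.15'), so compare tuples."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so '3.4' compares like (3, 4, 0).
    return parts + (0,) * max(0, 3 - len(parts))


def assess(version_text: str) -> str:
    """Classify a version string against the advisory's fix level."""
    v = parse_version(version_text)
    if v >= FIXED_VERSION:
        return "fixed"
    if v == AFFECTED_VERSION:
        return "vulnerable"
    # Older builds are below the fixed release, but the advisory only names
    # 3.4.14, so report them separately rather than asserting exploitability.
    return "below-fixed-version"


def installed_mac_version(app_dir: str = "/Applications/Sourcetree.app") -> str | None:
    """Read CFBundleShortVersionString from the app bundle (path is an assumption).
    Returns None when Sourcetree is not installed at that path."""
    plist = Path(app_dir) / "Contents" / "Info.plist"
    if not plist.is_file():
        return None
    with plist.open("rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString")


if __name__ == "__main__":
    found = installed_mac_version()
    if found is None:
        print("Sourcetree.app not found; pass a version string to assess() instead")
    else:
        print(f"Sourcetree {found}: {assess(found)}")
```

On Windows, feed assess() the product version shown in the Sourcetree "About" dialog or read from the executable's file properties; the advisory gives no registry key or install path, so none is assumed here.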
Exploit Details
At this time, there are no known active exploits in the wild. The vulnerability was reported via Atlassian's Penetration Testing program. It is crucial to address this vulnerability as soon as possible to prevent potential future exploits and ensure the security of your systems.
Conclusion
To protect your systems and data from CVE-2023-22514, it is of utmost importance to upgrade your Sourcetree for Mac and Sourcetree for Windows to a fixed version. By doing so, you can mitigate the risk associated with this high severity RCE vulnerability and prevent any unauthorized code execution on your systems.
Timeline
Published on: 03/18/2025 17:03:59 UTC
Last modified on: 03/18/2025 17:15:39 UTC