github - ghsa-hjgh-vh3c-8rg8

ghsa-hjgh-vh3c-8rg8

Vulnerability from github

Published

2024-01-16 18:31

Modified

2025-03-18 18:30

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2023-22514",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-01-16T18:15:09Z",
      severity: "HIGH",
   },
   details: "Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.",
   id: "GHSA-hjgh-vh3c-8rg8",
   modified: "2025-03-18T18:30:38Z",
   published: "2024-01-16T18:31:10Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2023-22514",
      },
      {
         type: "WEB",
         url: "https://confluence.atlassian.com/pages/viewpage.action?pageId=1299929380",
      },
      {
         type: "WEB",
         url: "https://jira.atlassian.com/browse/SRCTREE-8076",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

cve-2023-22514

Vulnerability from cvelistv5

Published

2025-03-18 17:03

Modified

2025-03-18 17:03

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15 See the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives). This vulnerability was reported via our Penetration Testing program.

References

▼	URL	Tags
	https://confluence.atlassian.com/pages/viewpage.action?pageId=1299929380
	https://jira.atlassian.com/browse/SRCTREE-8076

Impacted products

Vendor

Product

Version

▼

Atlassian

Sourcetree for Mac

Version: >= 3.4.14

Atlassian

Sourcetree for Windows

Version: >= 3.4.14

Show details on NVD website

JSON

To clipboard

{
   containers: {
      cna: {
         affected: [
            {
               product: "Sourcetree for Mac",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "unaffected",
                     version: "< 3.4.14",
                  },
                  {
                     status: "affected",
                     version: ">= 3.4.14",
                  },
                  {
                     status: "unaffected",
                     version: ">= 3.4.15",
                  },
               ],
            },
            {
               product: "Sourcetree for Windows",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "unaffected",
                     version: "< 3.4.14",
                  },
                  {
                     status: "affected",
                     version: ">= 3.4.14",
                  },
                  {
                     status: "unaffected",
                     version: ">= 3.4.15",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for Windows. \r\n\t\r\n\tThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.8, and a CVSS Vector of: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H which allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. \r\n\t\r\n\tAtlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n\t\t\r\n\t\tSourcetree for Mac and Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.15\r\n\t\t\r\n\t\t\r\n\t\r\n\tSee the release notes (https://www.sourcetreeapp.com/download-archives). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center (https://www.sourcetreeapp.com/download-archives). \r\n\t\r\n\tThis vulnerability was reported via our Penetration Testing program.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "RCE (Remote Code Execution)",
                     lang: "en",
                     type: "RCE (Remote Code Execution)",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-18T17:03:59.441Z",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               url: "https://confluence.atlassian.com/pages/viewpage.action?pageId=1299929380",
            },
            {
               url: "https://jira.atlassian.com/browse/SRCTREE-8076",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2023-22514",
      datePublished: "2025-03-18T17:03:59.441Z",
      dateReserved: "2023-01-01T00:01:22.330Z",
      dateUpdated: "2025-03-18T17:03:59.441Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted