CVE-2024-21697

8.8 HIGH

📋 TL;DR

This is a high-severity remote code execution vulnerability in Sourcetree Git clients that allows attackers to execute arbitrary code on affected systems. It affects Sourcetree for Mac version 4.2.8 and Sourcetree for Windows version 3.4.19. Successful exploitation requires user interaction but can lead to complete system compromise.

💻 Affected Systems

Products:
  • Sourcetree for Mac
  • Sourcetree for Windows
Versions: Sourcetree for Mac: 4.2.8, Sourcetree for Windows: 3.4.19
Operating Systems: macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected versions are vulnerable. User interaction is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with attacker gaining full control over the victim's machine, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Attacker executes malicious code within the context of the Sourcetree application, potentially stealing Git credentials, accessing source code repositories, or compromising the local system.

🟢

If Mitigated

With proper network segmentation and least privilege, impact limited to the user's local environment and Git repositories accessible to that user.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires user interaction but is unauthenticated. No public exploit code has been disclosed as of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Sourcetree for Mac: >=4.2.9, Sourcetree for Windows: >=3.4.20

Vendor Advisory: https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091

Restart Required: Yes

Instructions:

1. Download latest version from https://www.sourcetreeapp.com/download-archives
2. Install the update
3. Restart Sourcetree
4. Verify version is >=4.2.9 (Mac) or >=3.4.20 (Windows)

🔧 Temporary Workarounds

Disable automatic repository loading (applies to: all platforms)
  • Goal: Prevent Sourcetree from automatically loading potentially malicious repositories
  • How: Manual configuration in Sourcetree settings

Network restriction (applies to: all platforms)
  • Goal: Restrict Sourcetree network access to trusted Git repositories only
  • How: Configure firewall rules to limit outbound connections

🧯 If You Can't Patch

  • Immediately stop using Sourcetree and switch to alternative Git clients like Git CLI, GitKraken, or GitHub Desktop
  • Implement strict network segmentation and monitor for suspicious Sourcetree process activity

🔍 How to Verify

Check if Vulnerable:

Check Sourcetree version in About menu. Mac: 4.2.8 is vulnerable. Windows: 3.4.19 is vulnerable.

Check Version:

Sourcetree → About Sourcetree (menu option)

Verify Fix Applied:

Verify version is >=4.2.9 (Mac) or >=3.4.20 (Windows) in About menu
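The version check above, as an added example that is not part of the advisory or of Atlassian's tooling: it encodes the fix levels the advisory states (Mac >= 4.2.9, Windows >= 3.4.20) and compares a version string copied from the About dialog against them using numeric tuple comparison, so "4.2.10" is correctly treated as newer than "4.2.9" where a plain string comparison would not be.

```python
import re

# Minimum patched versions per platform, taken from the advisory.
FIXED_VERSIONS = {
    "mac": (4, 2, 9),
    "windows": (3, 4, 20),
}

# Versions the advisory explicitly lists as affected.
AFFECTED_VERSIONS = {
    "mac": (4, 2, 8),
    "windows": (3, 4, 19),
}


def parse_version(text: str) -> tuple:
    """Turn '4.2.8', 'v3.4.20' or '3.4.20-beta' into a tuple of ints.

    Only the leading dotted-numeric part is compared; a build suffix is
    ignored. Raises ValueError if no numeric version is present at all.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(platform: str, version: str) -> bool:
    """True when the installed version meets the advisory's fix level."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(version) >= FIXED_VERSIONS[key]


def assess(platform: str, version: str) -> str:
    """'patched' at or above the fix level, 'vulnerable' for a version the
    advisory lists, 'unpatched' for anything else below the fix level."""
    if is_patched(platform, version):
        return "patched"
    if parse_version(version) == AFFECTED_VERSIONS[platform.lower()]:
        return "vulnerable"
    return "unpatched"


if __name__ == "__main__":
    # Constructed sample inputs, as they would be read from the About dialog.
    for plat, ver in [("mac", "4.2.8"), ("mac", "4.2.10"),
                      ("windows", "3.4.19"), ("windows", "3.4.20")]:
        print(plat, ver, assess(plat, ver))
```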

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawning from Sourcetree.exe or Sourcetree.app
  • Suspicious network connections from Sourcetree to unknown hosts
  • Unexpected file system modifications by Sourcetree processes

Network Indicators:

  • Sourcetree connecting to non-standard Git repositories or unknown endpoints
  • Unusual outbound traffic patterns from Sourcetree process

SIEM Query:

(process_name:"Sourcetree.exe" OR process_name:"Sourcetree.app") AND (event_type:process_creation OR event_type:network_connection) WHERE destination_ip NOT IN (trusted_git_servers)

The parentheses around the two process_name terms are required: without them AND binds tighter than OR, so the Sourcetree.exe clause would match every event type. The destination_ip filter only applies to network_connection events; process_creation events carry no destination and should be reviewed on the parent/child process relationship alone.
