Atlassian Sourcetree for Mac Arbitrary Code Execution Vulnerability

Vulnerability

A medium-severity arbitrary code execution vulnerability has been identified in Atlassian Sourcetree for Mac, affecting versions 4.2.8, 4.2.9, 4.2.10, and 4.2.11. The vulnerability allows a locally authenticated attacker to execute arbitrary code, with high impact on confidentiality, integrity, and availability. Exploitation requires user interaction. The issue was discovered through the Atlassian Bug Bounty Program.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running in the context of the user who is currently running Sourcetree.

Remediation

Users are advised to upgrade to Sourcetree for Mac version 4.2.12 or later, where the vulnerability has been fixed. Version 4.2.12 can be downloaded from the Atlassian product downloads site.

Added: Jul 24, 2025, 11:24 PM
Updated: Jul 24, 2025, 11:24 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.