Vulnerability Details CVE-2023-22524
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.389
EPSS Ranking 97.1%
CVSS Severity
CVSS v3 Score 9.6
References
- https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html
- https://jira.atlassian.com/browse/CONFSERVER-93518
- https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html
- https://jira.atlassian.com/browse/CONFSERVER-93518
Products affected by CVE-2023-22524
-
cpe:2.3:a:atlassian:companion:1.0.0
-
cpe:2.3:a:atlassian:companion:1.1.0
-
cpe:2.3:a:atlassian:companion:1.2.0
-
cpe:2.3:a:atlassian:companion:1.2.2
-
cpe:2.3:a:atlassian:companion:1.2.3
-
cpe:2.3:a:atlassian:companion:1.2.4
-
cpe:2.3:a:atlassian:companion:1.2.5
-
cpe:2.3:a:atlassian:companion:1.2.6
-
cpe:2.3:a:atlassian:companion:1.3.0
-
cpe:2.3:a:atlassian:companion:1.3.1
-
cpe:2.3:a:atlassian:companion:1.4.1
-
cpe:2.3:a:atlassian:companion:1.4.2
-
cpe:2.3:a:atlassian:companion:1.4.3
-
cpe:2.3:a:atlassian:companion:1.4.4
-
cpe:2.3:a:atlassian:companion:1.4.5
-
cpe:2.3:a:atlassian:companion:1.4.6
-
cpe:2.3:a:atlassian:companion:1.5.0
-
cpe:2.3:a:atlassian:companion:1.6.0
-
cpe:2.3:a:atlassian:companion:1.6.1
-
cpe:2.3:o:apple:macos:-