Vulnerabilites related to Atlassian - Companion for Mac
CVE-2023-22524 (GCVE-0-2023-22524)
Vulnerability from cvelistv5
Published
2023-12-06 05:00
Modified
2024-08-02 10:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- RCE (Remote Code Execution)
Summary
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atlassian | Companion for Mac |
Version: >= 1.0.0 Version: >= 1.1.0 Version: >= 1.2.0 Version: >= 1.2.2 Version: >= 1.2.3 Version: >= 1.2.4 Version: >= 1.2.5 Version: >= 1.2.6 Version: >= 1.3.0 Version: >= 1.3.1 Version: >= 1.4.1 Version: >= 1.4.2 Version: >= 1.4.3 Version: >= 1.4.4 Version: >= 1.4.5 Version: >= 1.4.6 Version: >= 1.5.0 Version: >= 1.6.0 Version: >= 1.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion for Mac",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 1.0.0"
},
{
"status": "affected",
"version": "\u003e= 1.0.0"
},
{
"status": "affected",
"version": "\u003e= 1.1.0"
},
{
"status": "affected",
"version": "\u003e= 1.2.0"
},
{
"status": "affected",
"version": "\u003e= 1.2.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.3"
},
{
"status": "affected",
"version": "\u003e= 1.2.4"
},
{
"status": "affected",
"version": "\u003e= 1.2.5"
},
{
"status": "affected",
"version": "\u003e= 1.2.6"
},
{
"status": "affected",
"version": "\u003e= 1.3.0"
},
{
"status": "affected",
"version": "\u003e= 1.3.1"
},
{
"status": "affected",
"version": "\u003e= 1.4.1"
},
{
"status": "affected",
"version": "\u003e= 1.4.2"
},
{
"status": "affected",
"version": "\u003e= 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.5"
},
{
"status": "affected",
"version": "\u003e= 1.4.6"
},
{
"status": "affected",
"version": "\u003e= 1.5.0"
},
{
"status": "affected",
"version": "\u003e= 1.6.0"
},
{
"status": "affected",
"version": "\u003e= 1.6.1"
},
{
"status": "unaffected",
"version": "\u003e= 2.0.0"
},
{
"status": "unaffected",
"version": "\u003e= 2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion\u2019s blocklist and MacOS Gatekeeper to allow execution of code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T15:30:00.480Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2023-22524",
"datePublished": "2023-12-06T05:00:02.649Z",
"dateReserved": "2023-01-01T00:01:22.333Z",
"dateUpdated": "2024-08-02T10:13:49.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}