CVE-2023-22524

Summary

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.

Affected Software

VendorProductVersion RangeStatus
AtlassianCompanion for Mac< 1.0.0unaffected
AtlassianCompanion for Mac>= 1.0.0affected
AtlassianCompanion for Mac>= 1.1.0affected
AtlassianCompanion for Mac>= 1.2.0affected
AtlassianCompanion for Mac>= 1.2.2affected
AtlassianCompanion for Mac>= 1.2.3affected
AtlassianCompanion for Mac>= 1.2.4affected
AtlassianCompanion for Mac>= 1.2.5affected
AtlassianCompanion for Mac>= 1.2.6affected
AtlassianCompanion for Mac>= 1.3.0affected
AtlassianCompanion for Mac>= 1.3.1affected
AtlassianCompanion for Mac>= 1.4.1affected
AtlassianCompanion for Mac>= 1.4.2affected
AtlassianCompanion for Mac>= 1.4.3affected
AtlassianCompanion for Mac>= 1.4.4affected
AtlassianCompanion for Mac>= 1.4.5affected
AtlassianCompanion for Mac>= 1.4.6affected
AtlassianCompanion for Mac>= 1.5.0affected
AtlassianCompanion for Mac>= 1.6.0affected
AtlassianCompanion for Mac>= 1.6.1affected
AtlassianCompanion for Mac>= 2.0.0unaffected
AtlassianCompanion for Mac>= 2.0.1unaffected

Weaknesses

  • RCE (Remote Code Execution)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References