CVE-2023-22524

CRITICAL

Atlassian Companion < 2.0.0 - Remote Code Execution

Title source: rule

Description

Certain versions of the Atlassian Companion App for macOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and macOS Gatekeeper to allow execution of code.

Exploits (2)

nomisec WORKING POC 25 stars
by ron-imperva · poc
https://github.com/ron-imperva/CVE-2023-22524

nomisec WORKING POC 1 star
by imperva · poc
https://github.com/imperva/CVE-2023-22524

Scores

CVSS v3 9.8
EPSS 0.3497
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
atlassian/companion 1.0.0 - 2.0.0
Published Dec 06, 2023
Tracked Since Feb 18, 2026