CVE-2023-22524

CRITICAL

Atlassian Companion 1.0.0 to <2.0.0 - Remote Code Execution via WebSocket Bypass


Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-22524. PoCs published by ron-imperva and imperva.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2023-22524, an RCE vulnerability in Atlassian Companion for macOS. The PoC includes a Node.js server that serves a malicious ZIP file and a crafted .fileloc file to bypass macOS Gatekeeper and execute arbitrary code.

Description

Atlassian Companion for macOS, versions 1.0.0 up to but not including 2.0.0, was affected by a remote code execution vulnerability. An attacker could use WebSockets to bypass both Atlassian Companion's blocklist and macOS Gatekeeper, allowing execution of attacker-supplied code. Both tracked PoCs require the victim to visit an attacker-controlled page while Companion is installed; no authentication to any Atlassian product is needed.

Exploits (2)

nomisec · WORKING POC · 25 stars
by ron-imperva · poc
https://github.com/ron-imperva/CVE-2023-22524

This repository contains a functional proof-of-concept for CVE-2023-22524, an RCE vulnerability in Atlassian Companion for macOS. The PoC includes a Node.js server that serves a malicious ZIP file and a crafted .fileloc file to bypass macOS Gatekeeper and execute arbitrary code.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Atlassian Companion < 2.0.0 for macOS
Authentication: none needed
Prerequisites: Atlassian Companion < 2.0.0 installed on macOS · Victim must visit the malicious URL
devstral-2 · analyzed Feb 18, 2026
nomisec · WORKING POC · 1 star
by imperva · poc
https://github.com/imperva/CVE-2023-22524

The repository contains a functional PoC for CVE-2023-22524, demonstrating an RCE vulnerability in Atlassian Companion for macOS by bypassing Gatekeeper via crafted file handling. The server.js script serves malicious files and exploits the vulnerability when a user visits the provided HTML page.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Atlassian Companion < 2.0.0 for macOS
Authentication: none needed
Prerequisites: Atlassian Companion < 2.0.0 installed on macOS · User interaction to visit the malicious URL
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3.1 9.8 (Critical)
EPSS 0.2472 (24.72% estimated probability of exploitation in the next 30 days)
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Note that the published vector scores user interaction as UI:N, while both tracked PoCs list a victim visit to an attacker-controlled URL as a prerequisite; an assessor scoring the exploit as demonstrated would ordinarily use UI:R, which lowers the base score. Treat the 9.8 as the vendor/NVD rating, not as a statement that the PoCs work without user action.

CISA SSVC

Vulnrichment
Exploitation: PoC
Automatable: no
Technical Impact: total

Details

Status published
Products (1)
atlassian/companion 1.0.0 up to but not including 2.0.0 (2.0.0 is outside the affected range)
Published Dec 06, 2023
Tracked Since Feb 18, 2026
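The practical question this entry raises for a macOS fleet is whether any installed Companion build falls in the affected range. The script below is an added example written for this page, not code from either PoC repository or from Atlassian: it implements a numeric version comparison, tests a version string against the 1.0.0 <= v < 2.0.0 range stated above, and, on macOS, reads the installed version from the app bundle. The bundle path /Applications/Atlassian Companion.app and the use of CFBundleShortVersionString as the version key are assumptions, not taken from this entry; override COMPANION_APP if your install location differs.

```shell
#!/bin/sh
# Added example: is the installed Atlassian Companion in the CVE-2023-22524
# affected range (1.0.0 <= version < 2.0.0)? Not part of the tracked PoCs.
# ASSUMPTION: default install path and Info.plist version key below.
COMPANION_APP="${COMPANION_APP:-/Applications/Atlassian Companion.app}"
AFFECTED_MIN="1.0.0"
AFFECTED_MAX_EXCL="2.0.0"

# ver_cmp A B: print -1, 0 or 1 when A < B, A == B, A > B.
# Compares dot-separated numeric components; missing components count as 0,
# non-numeric components (e.g. "rc1") also count as 0; pre-release / build
# metadata after '-' or '+' is ignored.
ver_cmp() {
    a=${1%%[-+]*}
    b=${2%%[-+]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}
        bh=${b%%.*}
        case $ah in ''|*[!0-9]*) ah=0;; esac
        case $bh in ''|*[!0-9]*) bh=0;; esac
        if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
        if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
        case $a in *.*) a=${a#*.};; *) a=;; esac
        case $b in *.*) b=${b#*.};; *) b=;; esac
    done
    echo 0
}

# companion_affected VERSION: exit 0 if VERSION is inside the affected range.
companion_affected() {
    [ "$(ver_cmp "$1" "$AFFECTED_MIN")" -ge 0 ] &&
    [ "$(ver_cmp "$1" "$AFFECTED_MAX_EXCL")" -lt 0 ]
}

# installed_companion_version: print the bundle's marketing version (macOS only).
# Returns 1 when the app is not present at $COMPANION_APP.
installed_companion_version() {
    plist="$COMPANION_APP/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist"
}

# main [VERSION]: check the given version, or the installed one when omitted.
main() {
    if [ $# -gt 0 ]; then
        v=$1
    else
        v=$(installed_companion_version) || {
            echo "Atlassian Companion not found at: $COMPANION_APP"
            return 2
        }
    fi
    if companion_affected "$v"; then
        echo "Atlassian Companion $v: AFFECTED by CVE-2023-22524 (upgrade to >= $AFFECTED_MAX_EXCL)"
        return 1
    fi
    echo "Atlassian Companion $v: not in affected range"
    return 0
}

# Only run when invoked with arguments, so the file can also be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as `sh companion_check.sh 1.9.3` to test a known version string, or source it and call `main` with no arguments on a macOS host to read the installed bundle; the exit status (0 clean, 1 affected, 2 not installed) makes it usable from an MDM or inventory job.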