CVE-2023-22524
Key Information
- Vendor
- Atlassian
- Status
- Companion for Mac
- Vendor
- CVE Published:
- 6 December 2023
Summary
Certain versions of the Atlassian Companion App for macOS were affected by a remote code execution vulnerability. An attacker could use WebSockets to bypass Atlassian Companion's blocklist and macOS Gatekeeper, allowing execution of code.
Affected Version(s)
Companion for Mac >= 1.0.0
Companion for Mac < 1.0.0
Companion for Mac >= 1.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
LeftoverLocals - CVE-2023-4969: The Hidden Threat in Your GPU
The crux of the LeftoverLocals vulnerability (CVE-2023-4969) lies in the inadequate isolation of process memory in GPGPU platforms.
11 months ago
Atlassian fixes four critical RCE vulnerabilities, patch quickly! - Help Net Security
Atlassian has released security updates for 4 critical vulnerabilities in its various offerings that can lead to arbitrary code execution.
1 year ago
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.
1 year ago
CVSS V3.1
Timeline
- 👾 Exploit exists.
- First article discovered by The Hacker News
- Vulnerability published.
- Vulnerability reserved.