Remote Code Execution Vulnerability in Atlassian Companion App for MacOS
CVE-2023-22524
Key Information:
- Vendor: Atlassian
- Status: Vendor
- CVE Published: 6 December 2023
Summary
Certain versions of the Atlassian Companion App for MacOS are susceptible to a remote code execution vulnerability. This issue arises from the application’s handling of WebSockets, enabling attackers to circumvent blocklist protections and bypass MacOS Gatekeeper. Consequently, this could lead to unauthorized code execution on the affected systems. Users of the affected versions are advised to apply necessary updates to mitigate the risk associated with this vulnerability.
Affected Version(s)
Companion for Mac >= 1.0.0 < 1.0.0
Companion for Mac >= 1.1.0 >= 1.1.0
Companion for Mac >= 1.2.0 >= 1.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
LeftoverLocals - CVE-2023-4969: The Hidden Threat in Your GPU
The crux of the LeftoverLocals vulnerability (CVE-2023-4969) lies in the inadequate isolation of process memory in GPGPU platforms.
1 year ago
Atlassian fixes four critical RCE vulnerabilities, patch quickly! - Help Net Security
Atlassian has released security updates for 4 critical vulnerabilities in its various offerings that can lead to arbitrary code execution.
1 year ago
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.
1 year ago
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved