CVE-2023-22524
Key Information
- Vendor
- Atlassian
- Status
- Companion for Mac
- Vendor
- CVE Published:
- 6 December 2023
Badges
Summary
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
Affected Version(s)
Companion for Mac >= 1.0.0
Companion for Mac < 1.0.0
Companion for Mac >= 1.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
LeftoverLocals - CVE-2023-4969: The Hidden Threat in Your GPU
The crux of the LeftoverLocals vulnerability (CVE-2023-4969) lies in the inadequate isolation of process memory in GPGPU platforms.
9 months ago
Atlassian fixes four critical RCE vulnerabilities, patch quickly! - Help Net Security
Atlassian has released security updates for 4 critical vulnerabilities in its various offerings that can lead to arbitrary code execution.
11 months ago
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.
11 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
First article discovered by The Hacker News
Vulnerability published.
Vulnerability Reserved.