{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-22524", "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "state": "PUBLISHED", "assignerShortName": "atlassian", "dateReserved": "2023-01-01T00:01:22.333Z", "datePublished": "2023-12-06T05:00:02.649Z", "dateUpdated": "2026-02-25T16:53:03.327Z"}, "containers": {"cna": {"affected": [{"vendor": "Atlassian", "product": "Companion for Mac", "versions": [{"version": "< 1.0.0", "status": "unaffected"}, {"version": ">= 1.0.0", "status": "affected"}, {"version": ">= 1.1.0", "status": "affected"}, {"version": ">= 1.2.0", "status": "affected"}, {"version": ">= 1.2.2", "status": "affected"}, {"version": ">= 1.2.3", "status": "affected"}, {"version": ">= 1.2.4", "status": "affected"}, {"version": ">= 1.2.5", "status": "affected"}, {"version": ">= 1.2.6", "status": "affected"}, {"version": ">= 1.3.0", "status": "affected"}, {"version": ">= 1.3.1", "status": "affected"}, {"version": ">= 1.4.1", "status": "affected"}, {"version": ">= 1.4.2", "status": "affected"}, {"version": ">= 1.4.3", "status": "affected"}, {"version": ">= 1.4.4", "status": "affected"}, {"version": ">= 1.4.5", "status": "affected"}, {"version": ">= 1.4.6", "status": "affected"}, {"version": ">= 1.5.0", "status": "affected"}, {"version": ">= 1.6.0", "status": "affected"}, {"version": ">= 1.6.1", "status": "affected"}, {"version": ">= 2.0.0", "status": "unaffected"}, {"version": ">= 2.0.1", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion\u2019s blocklist and MacOS Gatekeeper to allow execution of code."}], "problemTypes": [{"descriptions": [{"description": "RCE (Remote Code Execution)", "lang": "en", "type": "RCE (Remote Code Execution)"}]}], "references": [{"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"}, {"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.6, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian", "dateUpdated": "2023-12-06T15:30:00.480Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.011Z"}, "title": "CVE Program Container", "references": [{"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html", "tags": ["x_transferred"]}, {"url": "https://jira.atlassian.com/browse/CONFSERVER-93518", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-12-19T05:00:20.476961Z", "id": "CVE-2023-22524", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T16:53:03.327Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:companion:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D3069A1-74AE-4FF2-9C2F-B76AF7B92A5E", "versionEndExcluding": "2.0.0", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion\u2019s blocklist and MacOS Gatekeeper to allow execution of code."}, {"lang": "es", "value": "Ciertas versiones de la aplicaci\u00f3n Atlassian Companion para MacOS se vieron afectadas por una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante podr\u00eda utilizar WebSockets para eludir la lista de bloqueo de Atlassian Companion y MacOS Gatekeeper para permitir la ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2023-22524", "lastModified": "2024-11-21T07:44:58.770", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security@atlassian.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-06T05:15:10.267", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-93518"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-93518"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}