{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-22524","assignerOrgId":"f08a6ab8-ed46-4c22-8884-d911ccfe3c66","state":"PUBLISHED","assignerShortName":"atlassian","dateReserved":"2023-01-01T00:01:22.333Z","datePublished":"2023-12-06T05:00:02.649Z","dateUpdated":"2026-02-25T16:53:03.327Z"},"containers":{"cna":{"affected":[{"vendor":"Atlassian","product":"Companion for Mac","versions":[{"version":"< 1.0.0","status":"unaffected"},{"version":">= 1.0.0","status":"affected"},{"version":">= 1.1.0","status":"affected"},{"version":">= 1.2.0","status":"affected"},{"version":">= 1.2.2","status":"affected"},{"version":">= 1.2.3","status":"affected"},{"version":">= 1.2.4","status":"affected"},{"version":">= 1.2.5","status":"affected"},{"version":">= 1.2.6","status":"affected"},{"version":">= 1.3.0","status":"affected"},{"version":">= 1.3.1","status":"affected"},{"version":">= 1.4.1","status":"affected"},{"version":">= 1.4.2","status":"affected"},{"version":">= 1.4.3","status":"affected"},{"version":">= 1.4.4","status":"affected"},{"version":">= 1.4.5","status":"affected"},{"version":">= 1.4.6","status":"affected"},{"version":">= 1.5.0","status":"affected"},{"version":">= 1.6.0","status":"affected"},{"version":">= 1.6.1","status":"affected"},{"version":">= 2.0.0","status":"unaffected"},{"version":">= 2.0.1","status":"unaffected"}]}],"descriptions":[{"lang":"en","value":"Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code."}],"problemTypes":[{"descriptions":[{"description":"RCE (Remote Code Execution)","lang":"en","type":"RCE (Remote Code Execution)"}]}],"references":[{"url":"https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"},{"url":"https://jira.atlassian.com/browse/CONFSERVER-93518"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL"}}],"providerMetadata":{"orgId":"f08a6ab8-ed46-4c22-8884-d911ccfe3c66","shortName":"atlassian","dateUpdated":"2023-12-06T15:30:00.480Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:13:49.011Z"},"title":"CVE Program Container","references":[{"url":"https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html","tags":["x_transferred"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-93518","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2023-12-19T05:00:20.476961Z","id":"CVE-2023-22524","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-25T16:53:03.327Z"}}]}}