9 vulnerabilities found for companion by atlassian
FKIE_CVE-2023-22524
Vulnerability from fkie_nvd - Published: 2023-12-06 05:15 - Updated: 2024-11-21 07:44
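Severity: 9.8 Critical per NVD (Primary, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 9.6 Critical per Atlassian (Secondary, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The two vectors differ on user interaction (NVD: none; Atlassian: required) and scope (NVD: unchanged; Atlassian: changed).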
Summary
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:companion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3069A1-74AE-4FF2-9C2F-B76AF7B92A5E",
"versionEndExcluding": "2.0.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion\u2019s blocklist and MacOS Gatekeeper to allow execution of code."
},
{
"lang": "es",
"value": "Ciertas versiones de la aplicaci\u00f3n Atlassian Companion para MacOS se vieron afectadas por una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Un atacante podr\u00eda utilizar WebSockets para eludir la lista de bloqueo de Atlassian Companion y MacOS Gatekeeper para permitir la ejecuci\u00f3n de c\u00f3digo."
}
],
"id": "CVE-2023-22524",
"lastModified": "2024-11-21T07:44:58.770",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@atlassian.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-06T05:15:10.267",
"references": [
{
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
],
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
],
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4020
Vulnerability from fkie_nvd - Published: 2020-06-01 07:15 - Updated: 2024-11-21 05:32
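Severity: 7.2 High per NVD (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H); 6.5 Medium under CVSS 2.0 (AV:N/AC:L/Au:S/C:P/I:P/A:P).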
Summary
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:companion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0633F948-1149-4BD9-864E-DCA8E182DA76",
"versionEndExcluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure."
},
{
"lang": "es",
"value": "La funcionalidad file downloading en la Atlassian Companion App versiones anteriores a 1.0.0, permite a atacantes remotos, que controlan una instancia de Confluence Server a la que est\u00e1 conectada la Companion App, ejecutar archivos .exe arbitrarios por medio de un Fallo del Mecanismo de Protecci\u00f3n."
}
],
"id": "CVE-2020-4020",
"lastModified": "2024-11-21T05:32:10.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-01T07:15:11.063",
"references": [
{
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
],
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4019
Vulnerability from fkie_nvd - Published: 2020-06-01 07:15 - Updated: 2024-11-21 05:32
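Severity: 7.8 High per NVD (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); 4.4 Medium under CVSS 2.0 (AV:L/AC:M/Au:N/C:P/I:P/A:P).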
Summary
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:companion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0633F948-1149-4BD9-864E-DCA8E182DA76",
"versionEndExcluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app\u0027s cmd.exe via a untrusted search path vulnerability."
},
{
"lang": "es",
"value": "La funcionalidad file editing en la Atlassian Companion App versiones anteriores a 1.0.0, permite a atacantes locales hacer que la aplicaci\u00f3n corra un ejecutable diferente en lugar del archivo cmd.exe de la aplicaci\u00f3n por medio de una vulnerabilidad de ruta de b\u00fasqueda no confiable."
}
],
"id": "CVE-2020-4019",
"lastModified": "2024-11-21T05:32:10.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-01T07:15:11.000",
"references": [
{
"source": "security@atlassian.com",
"tags": [
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
],
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-22524 (GCVE-0-2023-22524)
Vulnerability from cvelistv5 – Published: 2023-12-06 05:00 – Updated: 2024-08-02 10:13
Summary
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
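Severity: 9.6 (Critical), the CNA (Atlassian) score, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. The NVD analysis in the FKIE_CVE-2023-22524 entry on this page scores the same CVE 9.8 under CVSS 3.1, with UI:N and S:U.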
CWE
- RCE (Remote Code Execution)
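Assigner: atlassian
References
- https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html
- https://jira.atlassian.com/browse/CONFSERVER-93518
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Companion for Mac | Unaffected: < 1.0.0 |
| Atlassian | Companion for Mac | Affected: >= 1.0.0, >= 1.1.0, >= 1.2.0, >= 1.2.2, >= 1.2.3, >= 1.2.4, >= 1.2.5, >= 1.2.6, >= 1.3.0, >= 1.3.1, >= 1.4.1, >= 1.4.2, >= 1.4.3, >= 1.4.4, >= 1.4.5, >= 1.4.6, >= 1.5.0, >= 1.6.0, >= 1.6.1 |
| Atlassian | Companion for Mac | Unaffected: >= 2.0.0, >= 2.0.1 |

The record writes every release as an open-ended ">=" entry, so the entries overlap. Read together with the NVD CPE configuration for this CVE on this page (versionStartIncluding 1.0.0, versionEndExcluding 2.0.0), the affected range is 1.0.0 <= version < 2.0.0. "Unaffected: < 1.0.0" applies to this CVE only; CVE-2020-4019 and CVE-2020-4020 on this page affect versions before 1.0.0.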
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion for Mac",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 1.0.0"
},
{
"status": "affected",
"version": "\u003e= 1.0.0"
},
{
"status": "affected",
"version": "\u003e= 1.1.0"
},
{
"status": "affected",
"version": "\u003e= 1.2.0"
},
{
"status": "affected",
"version": "\u003e= 1.2.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.3"
},
{
"status": "affected",
"version": "\u003e= 1.2.4"
},
{
"status": "affected",
"version": "\u003e= 1.2.5"
},
{
"status": "affected",
"version": "\u003e= 1.2.6"
},
{
"status": "affected",
"version": "\u003e= 1.3.0"
},
{
"status": "affected",
"version": "\u003e= 1.3.1"
},
{
"status": "affected",
"version": "\u003e= 1.4.1"
},
{
"status": "affected",
"version": "\u003e= 1.4.2"
},
{
"status": "affected",
"version": "\u003e= 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.5"
},
{
"status": "affected",
"version": "\u003e= 1.4.6"
},
{
"status": "affected",
"version": "\u003e= 1.5.0"
},
{
"status": "affected",
"version": "\u003e= 1.6.0"
},
{
"status": "affected",
"version": "\u003e= 1.6.1"
},
{
"status": "unaffected",
"version": "\u003e= 2.0.0"
},
{
"status": "unaffected",
"version": "\u003e= 2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion\u2019s blocklist and MacOS Gatekeeper to allow execution of code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T15:30:00.480Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2023-22524",
"datePublished": "2023-12-06T05:00:02.649Z",
"dateReserved": "2023-01-01T00:01:22.333Z",
"dateUpdated": "2024-08-02T10:13:49.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4020 (GCVE-0-2020-4020)
Vulnerability from cvelistv5 – Published: 2020-06-01 06:35 – Updated: 2024-09-16 17:29
Summary
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
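Severity: no CVSS data in this CVE record (its CNA container carries no metrics entry). NVD's scores for this CVE are in the FKIE_CVE-2020-4020 entry on this page: 7.2 High (CVSS 3.1) and 6.5 Medium (CVSS 2.0).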
CWE
- Protected Mechanism Failure
Assigner: atlassian
References
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CONFSERVER-59733 | x_refsource_MISC |

Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Companion App | Affected: unspecified, < 1.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion App",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Protected Mechanism Failure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T06:35:33",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-04-21T00:00:00",
"ID": "CVE-2020-4020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Companion App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protected Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-59733",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2020-4020",
"datePublished": "2020-06-01T06:35:33.411293Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:29:09.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4019 (GCVE-0-2020-4019)
Vulnerability from cvelistv5 – Published: 2020-06-01 06:35 – Updated: 2024-09-16 17:19
Summary
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
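Severity: no CVSS data in this CVE record (its CNA container carries no metrics entry). NVD's scores for this CVE are in the FKIE_CVE-2020-4019 entry on this page: 7.8 High (CVSS 3.1) and 4.4 Medium (CVSS 2.0).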
CWE
- Untrusted Search Path
Assigner: atlassian
References
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CONFSERVER-59734 | x_refsource_MISC |

Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Companion App | Affected: unspecified, < 1.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion App",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app\u0027s cmd.exe via a untrusted search path vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted Search Path",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T06:35:32",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-04-21T00:00:00",
"ID": "CVE-2020-4019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Companion App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app\u0027s cmd.exe via a untrusted search path vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-59734",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2020-4019",
"datePublished": "2020-06-01T06:35:32.935956Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:19:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22524 (GCVE-0-2023-22524)
Vulnerability from nvd – Published: 2023-12-06 05:00 – Updated: 2024-08-02 10:13
Summary
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.
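Severity: 9.6 (Critical), the CNA (Atlassian) score, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. The NVD analysis in the FKIE_CVE-2023-22524 entry on this page scores the same CVE 9.8 under CVSS 3.1, with UI:N and S:U.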
CWE
- RCE (Remote Code Execution)
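Assigner: atlassian
References
- https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html
- https://jira.atlassian.com/browse/CONFSERVER-93518
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Companion for Mac | Unaffected: < 1.0.0 |
| Atlassian | Companion for Mac | Affected: >= 1.0.0, >= 1.1.0, >= 1.2.0, >= 1.2.2, >= 1.2.3, >= 1.2.4, >= 1.2.5, >= 1.2.6, >= 1.3.0, >= 1.3.1, >= 1.4.1, >= 1.4.2, >= 1.4.3, >= 1.4.4, >= 1.4.5, >= 1.4.6, >= 1.5.0, >= 1.6.0, >= 1.6.1 |
| Atlassian | Companion for Mac | Unaffected: >= 2.0.0, >= 2.0.1 |

The record writes every release as an open-ended ">=" entry, so the entries overlap. Read together with the NVD CPE configuration for this CVE on this page (versionStartIncluding 1.0.0, versionEndExcluding 2.0.0), the affected range is 1.0.0 <= version < 2.0.0. "Unaffected: < 1.0.0" applies to this CVE only; CVE-2020-4019 and CVE-2020-4020 on this page affect versions before 1.0.0.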
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion for Mac",
"vendor": "Atlassian",
"versions": [
{
"status": "unaffected",
"version": "\u003c 1.0.0"
},
{
"status": "affected",
"version": "\u003e= 1.0.0"
},
{
"status": "affected",
"version": "\u003e= 1.1.0"
},
{
"status": "affected",
"version": "\u003e= 1.2.0"
},
{
"status": "affected",
"version": "\u003e= 1.2.2"
},
{
"status": "affected",
"version": "\u003e= 1.2.3"
},
{
"status": "affected",
"version": "\u003e= 1.2.4"
},
{
"status": "affected",
"version": "\u003e= 1.2.5"
},
{
"status": "affected",
"version": "\u003e= 1.2.6"
},
{
"status": "affected",
"version": "\u003e= 1.3.0"
},
{
"status": "affected",
"version": "\u003e= 1.3.1"
},
{
"status": "affected",
"version": "\u003e= 1.4.1"
},
{
"status": "affected",
"version": "\u003e= 1.4.2"
},
{
"status": "affected",
"version": "\u003e= 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.4"
},
{
"status": "affected",
"version": "\u003e= 1.4.5"
},
{
"status": "affected",
"version": "\u003e= 1.4.6"
},
{
"status": "affected",
"version": "\u003e= 1.5.0"
},
{
"status": "affected",
"version": "\u003e= 1.6.0"
},
{
"status": "affected",
"version": "\u003e= 1.6.1"
},
{
"status": "unaffected",
"version": "\u003e= 2.0.0"
},
{
"status": "unaffected",
"version": "\u003e= 2.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion\u2019s blocklist and MacOS Gatekeeper to allow execution of code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "RCE (Remote Code Execution)",
"lang": "en",
"type": "RCE (Remote Code Execution)"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-06T15:30:00.480Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"url": "https://confluence.atlassian.com/security/cve-2023-22524-rce-vulnerability-in-atlassian-companion-app-for-macos-1319249492.html"
},
{
"url": "https://jira.atlassian.com/browse/CONFSERVER-93518"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2023-22524",
"datePublished": "2023-12-06T05:00:02.649Z",
"dateReserved": "2023-01-01T00:01:22.333Z",
"dateUpdated": "2024-08-02T10:13:49.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4020 (GCVE-0-2020-4020)
Vulnerability from nvd – Published: 2020-06-01 06:35 – Updated: 2024-09-16 17:29
Summary
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
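Severity: no CVSS data in this CVE record (its CNA container carries no metrics entry). NVD's scores for this CVE are in the FKIE_CVE-2020-4020 entry on this page: 7.2 High (CVSS 3.1) and 6.5 Medium (CVSS 2.0).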
CWE
- Protected Mechanism Failure
Assigner: atlassian
References
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CONFSERVER-59733 | x_refsource_MISC |

Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Companion App | Affected: unspecified, < 1.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion App",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Protected Mechanism Failure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T06:35:33",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-04-21T00:00:00",
"ID": "CVE-2020-4020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Companion App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protected Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-59733",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-59733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2020-4020",
"datePublished": "2020-06-01T06:35:33.411293Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:29:09.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4019 (GCVE-0-2020-4019)
Vulnerability from nvd – Published: 2020-06-01 06:35 – Updated: 2024-09-16 17:19
Summary
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
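Severity: no CVSS data in this CVE record (its CNA container carries no metrics entry). NVD's scores for this CVE are in the FKIE_CVE-2020-4019 entry on this page: 7.8 High (CVSS 3.1) and 4.4 Medium (CVSS 2.0).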
CWE
- Untrusted Search Path
Assigner: atlassian
References
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/CONFSERVER-59734 | x_refsource_MISC |

Impacted products
| Vendor | Product | Version |
|---|---|---|
| Atlassian | Companion App | Affected: unspecified, < 1.0.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Companion App",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app\u0027s cmd.exe via a untrusted search path vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted Search Path",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-01T06:35:32",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2020-04-21T00:00:00",
"ID": "CVE-2020-4019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Companion App",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app\u0027s cmd.exe via a untrusted search path vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-59734",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-59734"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2020-4019",
"datePublished": "2020-06-01T06:35:32.935956Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:19:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}