Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-93518

CVE-2023-22524 - RCE Vulnerability in Atlassian Companion App for MacOS


    • Icon: Public Security Vulnerability Public Security Vulnerability
    • Resolution: Fixed
    • Icon: Highest Highest
    • Companion-1.0.0, Companion-1.1.0, Companion-1.2.0, Companion-1.2.2, Companion-1.2.3, Companion-1.2.4, Companion-1.2.5, Companion-1.2.6, Companion-1.3.0, Companion-1.3.1, Companion-1.4.1, Companion-1.4.2, Companion-1.4.3, Companion-1.4.4, Companion-1.4.5, Companion-1.4.6, Companion-1.6.0, Companion-1.5.0, Companion-1.6.1
    • None

      All versions of the Atlassian Companion App for MacOS up to but not including 2.0.0 are affected by a Remote Code Execution (RCE) vulnerability, CVE-2023-22524. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow the execution of code.

      The Atlassian Companion App is an optional desktop application that can be installed on users' devices to enhance the file editing experience in Confluence Data Center and Server. It enables users to edit files in their preferred desktop application before automatically saving those files to their Confluence instances. See “What You Need To Do” for detailed instructions.

      Note: If you are no longer using Confluence Data Center and Server and have the Atlassian Companion App installed, you may still be vulnerable. In this case, Atlassian recommends removing the Atlassian Companion App from your device.


      This vulnerability affects the Atlassian Companion App only, not Confluence Data Center and Server or Cloud sites.

      The Atlassian Companion App for Windows is not impacted by this vulnerability.

            Unassigned Unassigned
            e224d63853a5 Arshita Sandhiparthi
            0 Vote for this issue
            8 Start watching this issue