Atlassian Companion vulnerabilities

CVE-2023-22524 [CRITICAL] CVE-2023-22524: Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution v Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code.

CVE-2020-4019 [HIGH] CWE-426 CVE-2020-4019: The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local atta The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.

CVE-2020-4020 [HIGH] CVE-2020-4020: The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.