Overview

I identified a vulnerability that allowed executing code on victims' machines after they click the Edit button on a Confluence page when Atlassian Companion is installed on macOS. The Atlassian Companion app enables users to edit Confluence files in their preferred desktop application, then save the file back to Confluence automatically.

Source: https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html

Exploitation conditions

- Victim must have Atlassian Companion installed.
- Victim clicks on the Edit button in Confluence, so the malicious file is opened in the Atlassian Companion app on macOS (standard app behavior).
Before I start describing the details, you have to know that this post is published on Responsible Disclosure terms. I sent a full report with all the findings to DASAN on 24th October 2017. We talked about these vulnerabilities for a long time, and one day they just stopped contacting me (even after I warned them that I wanted to disclose this). Today is 26th April 2018, so it's over half a year after DASAN was informed.