Lucene search
Security-metrics-botATLASSIAN:CONFSERVER-59733HistoryApr 16, 2020 - 8:37 p.m.
Protection Mechanism Failure in file downloading in Companion - CVE-2020-4020
2020-04-1620:37:58
security-metrics-bot
jira.atlassian.com
51
0.006 Low
EPSS
Percentile
79.1%
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
h5. Acknowledgements
Credit for finding this vulnerability goes to Johannes Hatting (UFST).
| CPE | Name | Operator | Version |
|---|---|---|---|
| confluence server and data center | le | Companion-Legacy | |
| confluence server and data center | lt | 7.3.1 |
Related
prion
prion
Design/Logic Flaw
2020-06-01 07:15:00
nessus
nessus
Atlassian Companion < 1.0.0 Protection Mechanism Failure
2020-06-05 00:00:00
cvelist
cvelist
CVE-2020-4020
2020-04-21 00:00:00
atlassian
atlassian
cve
cve
CVE-2020-4020
2020-06-01 07:15:11
nvd
nvd
CVE-2020-4020
2020-06-01 07:15:11