CVE-2020-4020
published 2020-06-01CVE-2020-4020: The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | companion | < 1.0.0 | 1.0.0 |
| atlassian | companion_app | >= unspecified < 1.0.0 | 1.0.0 |