Atlassian Companion App vulnerabilities

CVE-2020-4019 [HIGH] CWE-426 CVE-2020-4019: The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local atta The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.

CVE-2020-4020 [HIGH] CVE-2020-4020: The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.