CVE-2020-4019
First published: Mon Jun 01 2020(Updated: )
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Companion | <1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the file editing functionality in the Atlassian Companion App?
The vulnerability ID is CVE-2020-4019.
What is the severity of CVE-2020-4019?
The severity of CVE-2020-4019 is high with a CVSS score of 7.8.
What is the affected software for CVE-2020-4019?
The affected software is the Atlassian Companion App before version 1.0.0.
How does CVE-2020-4019 affect the Atlassian Companion App?
CVE-2020-4019 allows local attackers to have the app run a different executable in place of the app's cmd.exe via an untrusted search path vulnerability.
Is there a fix for CVE-2020-4019?
Yes, the fix for CVE-2020-4019 is to update the Atlassian Companion App to version 1.0.0 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/atlassian
- canonical/atlassian companion