First published: Tue Apr 21 2020
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers who control a Confluence Server instance to which the Companion App is connected to execute arbitrary .exe files via a Protection Mechanism Failure.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Companion | <1.0.0 | |
The vulnerability ID is CVE-2020-4020.
The severity of CVE-2020-4020 is high with a severity value of 7.2.
The affected software is the Atlassian Companion App before version 1.0.0.
Remote attackers who control a connected Confluence Server instance can exploit CVE-2020-4020 to execute arbitrary .exe files via a Protection Mechanism Failure.
Updating to version 1.0.0 or later of the Atlassian Companion App fixes CVE-2020-4020.