Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 7.3.1
Affects Version/s: Companion-Legacy
Component/s: Content - Edit Files / Companion
Labels:
- advisory
- advisory-released
- cve-2020-4020
- cvss-high
- injection
- phase-2
- rce
- security
- ssrf

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.

Acknowledgements

Credit for finding this vulnerability goes to Johannes Hatting (UFST).

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 16/Apr/2020 8:37 PM

Updated:: 28/Jun/2020 11:06 PM

Resolved:: 16/Apr/2020 11:03 PM