-
Bug
-
Resolution: Fixed
-
Low
-
Companion-Legacy
-
Severity 2 - Major
-
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
Acknowledgements
Credit for finding this vulnerability goes to Johannes Hatting (UFST).