Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: Companion-1.0.0
Affects Version/s: Companion-Legacy
Component/s: Content - Edit Files / Companion
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.

Acknowledgements

Credit for finding this vulnerability goes to Johannes Hatting (UFST).

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 16/Apr/2020 9:16 PM

Updated:: 21/Jun/2020 11:50 PM

Resolved:: 16/Apr/2020 11:10 PM

Details

Description

Acknowledgements

Attachments

Forms

Activity

People

Dates