VYPR

Atlassian Companion App

by Atlassian

CVEs (2)

  • CVE-2020-4020Jun 1, 2020
    risk 0.00cvss epss 0.02

    The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.

  • CVE-2020-4019Jun 1, 2020
    risk 0.00cvss epss 0.00

    The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.