CVE-2020-4020

Summary

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.

Affected Software

VendorProductVersion RangeStatus
AtlassianCompanion Appunspecified < 1.0.0affected

Weaknesses

  • Protected Mechanism Failure

ADP Enrichment

CVE Program Container

Additional References

References