exploitDog

CVE-2020-4020

Опубликовано: 01 июн. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.

Ссылки

https://jira.atlassian.com/browse/CONFSERVER-59733
Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-59733
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:companion:*:*:*:*:*:*:*:*

Версия до 1.0.0 (исключая)

EPSS

Процентиль: 71%

0.00674

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-72w5-xxp4-hp3g

github

больше 3 лет назад

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.

EPSS

Процентиль: 71%

0.00674

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other