Lucene search

Security-metrics-botCONFSERVER-59734

HistoryApr 16, 2020 - 9:16 p.m.

Untrusted Search Path in Content - Edit Files / Companion - CVE-2020-4019

2020-04-1621:16:53

security-metrics-bot

jira.atlassian.com

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app’s cmd.exe via a untrusted search path vulnerability.

h5. Acknowledgements
Credit for finding this vulnerability goes to Johannes Hatting (UFST).

Affected configurations

Vulners

Node

atlassianconfluence_data_centerRange≤Companion-Legacy

atlassianconfluence_data_centerRange<Companion-1.0.0

VendorProductVersionCPE
atlassianconfluence_data_center*cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	confluence_data_center	*	cpe:2.3:a:atlassian:confluence_data_center::::::::

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

Related for CONFSERVER-59734