The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
7.8CVSS
7.4AI Score
0.001EPSS
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
7.2CVSS
7.1AI Score
0.006EPSS
Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companionβs blocklist and MacOS Gatekeeper to allow execution of code.
9.8CVSS
9.5AI Score
0.002EPSS