The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
Publication date: Mon, 01 Jun 2020 12:15:00 +0000