Atlassian / security-metrics-bot / ATLASSIAN:CWD-5685
History: Feb 16, 2021 - 6:29 p.m.

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

2021-02-16 18:29:42
security-metrics-bot
jira.atlassian.com
32
Tags: crowd, cve-2020-36240, resourcedownloadrewriterule, remote attackers, unauthenticated, arbitrary files, web-inf, meta-inf, incorrect path access check, affected versions, fixed versions, security researcher, ge digital, software

EPSS: 0.002
Percentile: 56.4%

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected versions:

  • version < 4.0.4
  • 4.1.0 ≤ version < 4.1.2

Fixed versions:

  • 4.0.4
  • 4.1.2

This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.
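The flaw class described above, a resource path check that can be bypassed so that files under WEB-INF and META-INF are served, is illustrated by the following added Python example. It is not Crowd's code and does not reproduce the real ResourceDownloadRewriteRule logic; it places an illustrative naive prefix test beside a hardened check that canonicalizes the request path before deciding.

```python
import posixpath
from urllib.parse import unquote

# Directories of a Java web application that must never be served as static
# resources: descriptors, compiled classes, configuration and manifests live here.
PROTECTED_DIRS = {"WEB-INF", "META-INF"}


def naive_is_allowed(raw_path: str) -> bool:
    """Illustrative weak check (not Crowd's code): a literal prefix test on the
    raw request path. It ignores case, percent-encoding and '..' segments."""
    return not (raw_path.startswith("/WEB-INF") or raw_path.startswith("/META-INF"))


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to one canonical form before any allow/deny decision."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so a double-encoded %252e%252e cannot survive as '..'.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Some stacks treat backslashes as separators and NUL bytes as truncation.
    path = path.replace("\\", "/").replace("\0", "")
    if not path.startswith("/"):
        path = "/" + path
    # Resolve '.' and '..' segments; a leading '..' cannot climb above the root.
    return posixpath.normpath(path)


def hardened_is_allowed(raw_path: str) -> bool:
    """Deny any request whose canonical path contains a WEB-INF or META-INF
    segment, matched case-insensitively, wherever that segment appears."""
    segments = [s for s in canonicalize(raw_path).split("/") if s]
    return not any(seg.upper() in PROTECTED_DIRS for seg in segments)


if __name__ == "__main__":
    # Constructed sample requests; the later ones slip past the naive check.
    for req in ["/console/style.css", "/WEB-INF/web.xml", "/web-inf/web.xml",
                "/static/../WEB-INF/web.xml", "/%2557EB-INF/web.xml",
                "/s/..\\META-INF/MANIFEST.MF", "/WEB-INF/web.xml%00.css"]:
        print(f"{req!r:34} naive={naive_is_allowed(req)!s:5} "
              f"hardened={hardened_is_allowed(req)}")
```

The decisive property is that the deny decision is made on the canonical path rather than on the bytes the client sent.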
