Lucene search
AtlassianCVELIST:CVE-2020-36240HistoryFeb 28, 2021 - 12:00 a.m.
CVE-2020-36240
2021-02-2800:00:00
atlassian
www.cve.org
1
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
CNA Affected
[
{
"product": "Crowd",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
},
{
"lessThan": "4.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Design/Logic Flaw
2021-03-01 17:15:00
cve
cve
CVE-2020-36240
2021-03-01 17:15:12
nvd
nvd
CVE-2020-36240
2021-03-01 17:15:12
atlassian
atlassian
Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240
2021-02-16 18:29:42
Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240
2021-02-16 18:29:42