- Public Security Vulnerability
- Resolution: Fixed
- Low
- 4.0.3, 4.1.1
- None
- 5.3
- Medium
- CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Affected versions:
- version < 4.0.4
- 4.1.0 ≤ version < 4.1.2
Fixed versions:
- 4.0.4
- 4.1.2
This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.
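As an added illustration (not code from Crowd or from this advisory), the sketch below shows a resource-path check that fully decodes and normalizes the request path before comparing segments against WEB-INF and META-INF. The class name, method and sample paths are assumptions; the advisory does not say how the original check failed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

// Hypothetical guard for a resource-download path; not Crowd's ResourceDownloadRewriteRule.
public final class ProtectedPathCheck {

    // True only if the path, once fully decoded and normalized, stays under the
    // web root and never names WEB-INF or META-INF as a segment.
    static boolean isAllowed(String rawPath) {
        String path = rawPath;
        for (int round = 0; ; round++) {              // decode until stable
            String decoded;
            try {
                // Keep a literal '+' intact: URLDecoder would turn it into a space.
                decoded = URLDecoder.decode(path.replace("+", "%2B"), StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                return false;                         // malformed percent-encoding
            }
            if (decoded.equals(path)) break;
            if (round == 2) return false;             // still changing after 3 rounds
            path = decoded;
        }
        if (path.chars().anyMatch(c -> c < 0x20)) return false;  // NUL and control chars
        int depth = 0;
        for (String seg : path.replace('\\', '/').split("/")) {
            int semi = seg.indexOf(';');
            if (semi >= 0) seg = seg.substring(0, semi);  // drop ;path parameters
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (--depth < 0) return false;        // climbs above the web root
                continue;
            }
            String lower = seg.toLowerCase(Locale.ROOT);
            if (lower.equals("web-inf") || lower.equals("meta-inf")) return false;
            depth++;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the advisory.
        String[] samples = { "/static/css/site.css", "/WEB-INF/web.xml",
                             "/static/../meta-inf/MANIFEST.MF", "/static/%2e%2e/WEB-INF/web.xml" };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "allow " : "deny  ") + s);
        }
    }
}
```

The check is deliberately conservative: a protected segment anywhere in the path is refused even if a later `..` would cancel it, and input that keeps changing under repeated decoding is rejected rather than guessed at.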
- relates to
  - CONFSERVER-60469 Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448
- Published