Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5685

Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

XMLWordPrintable

    • 5.3
    • Medium
    • CVE-2020-36240

      The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

      Affected versions:

      • version < 4.0.4
      • 4.10.0 ≤ version < 4.1.2

      Fixed versions:

      • 4.0.4
      • 4.1.2

      This vulnerability is attributed to Amit Laish, a security researcher from GE Digital. 

            [CWD-5685] Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240

            Security Metrics Bot made changes -
            CVE ID New: CVE-2020-36240
            David Black made changes -
            Labels Original: advisory advisory-to-release dont-import security New: advisory advisory-released dont-import security
            David Black made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Security Original: Atlassian Staff [ 10750 ] New: Reporter and Atlassian Staff [ 10751 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            David Black made changes -
            Description Original: The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

            h3. Affected versions:
             * version < 4.0.4
             * 4.10.0 ≤ version < 4.1.2

            h4. Fixed versions:
             * 4.0.4
             * 4.1.2             		New: The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

            h3. Affected versions:
             * version < 4.0.4
             * 4.10.0 ≤ version < 4.1.2

            h4. Fixed versions:
             * 4.0.4
             * 4.1.2

            This vulnerability is attributed to Amit Laish, a security researcher from GE Digital. 
            David Black made changes -
            Description Original:
            This vulnerability affects certain versions of Atlassian Crowd. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            		 New: The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

            h3. Affected versions:
             * version < 4.0.4
             * 4.10.0 ≤ version < 4.1.2

            h4. Fixed versions:
             * 4.0.4
             * 4.1.2
            David Black made changes -
            Summary Original: Major Security Report Disclosure - Pre-Authorization Arbitrary File Read [Confluence, Jira, Crowd] New: Pre-Authorization Limited Arbitrary File Read in Crowd - CVE-2020-36240
            David Black made changes -
            Link New: This issue relates to CONFSERVER-60469 [ CONFSERVER-60469 ]
            Security Metrics Bot made changes -
            Labels New: advisory advisory-to-release dont-import security
            Security Metrics Bot created issue -

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: