Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 4.1.2, 4.0.4
Affects Version/s: 4.0.3, 4.1.1
Component/s: None
Labels:

CVSS Score:
5.3
CVSS Severity:
Medium
CVE ID:
CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected versions:

version < 4.0.4
4.10.0 ≤ version < 4.1.2

Fixed versions:

4.0.4
4.1.2

This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.

relates to

CONFSERVER-60469 Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

Published

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 16/Feb/2021 6:29 PM

Updated:: 16/Sep/2021 5:28 AM

Resolved:: 01/Mar/2021 1:55 AM

Details

Description

Affected versions:

Fixed versions:

Attachments

Issue Links

Activity

People

Dates