Security Advisory

CVE-2020-36240

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-01 16:23:08

Last updated 2024-09-17 01:22:12

Assigner atlassian

State PUBLISHED

Description

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

← Browse all CVEs View on cve.org ↗