Vulnerability in Atlassian Crowd
CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access…
EPSS: 0.002 (45.9th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Crowd — versions unspecified, 4.1.0
References
- jira.atlassian.com/browse/CWD-5685 (x_refsource_MISC)