Unrated severityNVD Advisory· Published Mar 1, 2021· Updated Sep 17, 2024
CVE-2020-36240
CVE-2020-36240
Description
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- jira.atlassian.com/browse/CWD-5685mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.