Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Crowd 安全漏洞
Vulnerability Description
Atlassian Crowd是澳大利亚Atlassian公司的一套基于Web的单点登录系统。该系统为多用户、网络应用程序和目录服务器提供验证、授权等功能。 Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 存在安全漏洞,该漏洞允许未经身份验证的远程攻击者通过错误的路径访问检查读取WEB-INF和META-INF目录中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A