CVE-2021-21471

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
sapCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sapcla-assistant
𝑥
< 2.8.5
𝑥
= Vulnerable software versions
References
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr