CVE-2021-21471

EUVD-2021-8745
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
sapCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
sapcla-assistant
𝑥
< 2.8.5
𝑥
= Vulnerable software versions
References
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr