| |
Vulnerability CVE-2021-21471
Published: 2021-01-12
| Description: |
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application. |
Type:
NVD-CWE-Other
CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
