CVE-2021-21471

Published: Jan 12, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.

Affected (1)

Products: Sap: Cla Assistant

Sap

1 product

Cla Assistant

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Cla Assistant	Before 2.8.5

References (2)

https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr

Source: cna@sap.com

Third Party Advisory

https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.