exploitDog

CVE-2021-21471

Опубликовано: 12 янв. 2021

Источник: nvd

CVSS3: 6.5

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.

Ссылки

https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr
Third Party Advisory
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:cla-assistant:*:*:*:*:*:*:*:*

Версия до 2.8.5 (исключая)

EPSS

Процентиль: 63%

0.00439

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

EPSS

Процентиль: 63%

0.00439

Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other