cla-assistant
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39438 | Hig | 0.53 | 8.1 | 0.00 | Aug 15, 2023 | A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons… | ||
| CVE-2022-29617 | Med | 0.42 | 6.5 | 0.01 | Jun 6, 2022 | Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | ||
| CVE-2021-21471 | Med | 0.42 | 6.5 | 0.01 | Jan 12, 2021 | In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application. | ||
| CVE-2018-19527 | Med | 0.40 | 6.1 | 0.01 | Nov 29, 2018 | i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. |
- risk 0.53cvss 8.1epss 0.00
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons…
- risk 0.42cvss 6.5epss 0.01
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.
- risk 0.42cvss 6.5epss 0.01
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.
- risk 0.40cvss 6.1epss 0.01
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.