VYPR

cla-assistant

by cla-assistant

CVEs (4)

  • CVE-2023-39438HigAug 15, 2023
    risk 0.53cvss 8.1epss 0.00

    A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons…

  • CVE-2022-29617MedJun 6, 2022
    risk 0.42cvss 6.5epss 0.01

    Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.

  • CVE-2021-21471MedJan 12, 2021
    risk 0.42cvss 6.5epss 0.01

    In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.

  • CVE-2018-19527MedNov 29, 2018
    risk 0.40cvss 6.1epss 0.01

    i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.