Description
In CLA-Assistant versions before 2.8.5, due to improper access control, an authenticated user could access API endpoints that are not intended to be used by that user. This could impact the integrity of the application.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr
Scores
CVSS v3: 6.5
EPSS: 0.0044
EPSS Percentile: 63.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status: published
Products (1): sap/cla-assistant < 2.8.5
Published: Jan 12, 2021
Tracked Since: Feb 18, 2026