Lucene search

[email protected]NVD:CVE-2021-21471

HistoryJan 12, 2021 - 3:15 p.m.

CVE-2021-21471

2021-01-1215:15:16

[email protected]

web.nvd.nist.gov

cl-assistant

access control

api

integrity

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.

Affected configurations

Nvd

Node

sapcla-assistantRange<2.8.5

VendorProductVersionCPE
sapcla-assistant*cpe:2.3:a:sap:cla-assistant:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	cla-assistant	*	cpe:2.3:a:sap:cla-assistant::::::::

References

github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2021-21471

prion1 cvelist1 osv1 cve1