18 matches found
CVE-2021-21471
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application...
CVE-2023-39438
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
Authorization
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438
CLA-assistant’s API suffers from a missing authorization check that allows any authenticated user to perform certain operations, including reading CLA data (and signer details) and updating or deleting CLA configurations for repositories or organizations. Stored GitHub tokens are not exposed in A...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
Contributor License Agreement assistant Authorization Issue Vulnerability
Contributor License Agreement assistant (CLA assistant) is JavaScript-based contributor agreement management software from the cla-assistant team that integrates with GitHub. It provides the ability to ask contributors to sign a CLA when they pull code. An authorization issue vulnerability exists...
CVE-2022-29617
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application...
CVE-2022-29617
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application...
CVE-2022-29617
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application...
Input validation
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application...
CVE-2022-29617
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application...
CVE-2022-29617
The CVE-2022-29617 entry concerns the CLA assistant (Contributor License Agreement assistant). Multiple connected sources describe an issue caused by improper error handling that allows an authenticated user to crash the CLA assistant instance, which could impact availability of the application. ...
CVE-2021-21471
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application...
Improper access control
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application...
CVE-2021-21471
CVE-2021-21471 affects CLA-Assistant; versions before 2.8.5 are vulnerable due to improper access control. An authenticated user could access API endpoints not intended for user access, risking integrity of the application. The vulnerability is documented across multiple sources (NVD, Red Hat, PR...
Cla-assistant Security Vulnerability
Cla-assistant is JavaScript-based contributor agreement management software from the Cla-assistant team that integrates with GitHub. The software provides the ability to ask for a signed CLA when a contributor pulls code. A security vulnerability exists in CLA-Assistant version 2.8.5 and earlie...