Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.
6.5CVSS
6.3AI Score
0.001EPSS
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as wel...
8.1CVSS
8AI Score
0.001EPSS