2 matches found
CVE-2023-39438
CLA-assistant’s API suffers from a missing authorization check that allows any authenticated user to perform certain operations, including reading CLA data (and signer details) and updating or deleting CLA configurations for repositories or organizations. Stored GitHub tokens are not exposed in A...
CVE-2022-29617
The CVE-2022-29617 entry concerns the CLA assistant (Contributor License Agreement assistant). Multiple connected sources describe an issue caused by improper error handling that allows an authenticated user to crash the CLA assistant instance, which could impact availability of the application. ...