cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-39438,https://securityvulnerability.io/vulnerability/CVE-2023-39438,Missing Authorization check allows certain operations on CLA Assistant data,"A missing authorization check in the CLA-assistant API permits any authenticated user to conduct unauthorized operations. This includes the ability to read sensitive CLA information and configurations tied to repositories or organizations. Specifically, users can access details about CLA signers and custom fields configured by CLA requesters. Furthermore, they can update or even delete existing CLA configurations. Fortunately, stored access tokens for GitHub remain secure as they are redacted in the API responses.",SAP,Cla Assistant,8.1,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-08-15T17:15:00.000Z,0
CVE-2022-29617,https://securityvulnerability.io/vulnerability/CVE-2022-29617,,Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.,SAP,Cla Assistant,6.5,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2022-06-06T19:38:53.000Z,0
CVE-2021-21471,https://securityvulnerability.io/vulnerability/CVE-2021-21471,,"In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.",SAP,Cla-assistant,6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-01-12T14:21:12.000Z,0