CVE Vulnerabilities

CVE-2021-21471

Published: Jan 12, 2021 | Modified: Jan 15, 2021

CVSS 3.x

6.5

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS 2.x

4 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-21471
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity of the application.

Affected Software

Name	Vendor	Start Version	End Version
Cla-assistant	Sap	*	2.8.5 (excluding)

References

https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-4h6f-c68c-pxhr

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.