SAP Contributor License Agreement Assistant

By the Year

In 2024 there have been 0 vulnerabilities in SAP Contributor License Agreement Assistant. Last year Contributor License Agreement Assistant had 1 security vulnerability published. Right now, Contributor License Agreement Assistant is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 8.10
2022 1 6.50
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Contributor License Agreement Assistant vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent SAP Contributor License Agreement Assistant Security Vulnerabilities

A missing authorization check

CVE-2023-39438 8.1 - High - August 15, 2023

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. The stored access tokens for GitHub are not affected, as these are redacted from the API-responses.

AuthZ

Due to improper error handling an authenticated user can crash CLA assistant instance

CVE-2022-29617 6.5 - Medium - June 06, 2022

Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.

Improper Handling of Exceptional Conditions
