CVE-2023-39438
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Aug 15, 2023
Updated: Aug 22, 2023
CWE ID 862
CWE ID 863
CWE ID 424
Summary
CVE-2023-39438 is a vulnerability affecting the CLA-assistant API. An authenticated user can bypass authorization checks and read sensitive CLA information, including signatory details and custom fields. They can also update or delete CLA-configuration settings for repositories and organizations. Stored GitHub access tokens, however, remain secure because they are redacted from API responses.
Affected Vendors
- SAP SE