CVE-2024-5131
MEDIUM 6.5
Description
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 6/6/2024
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
lunary:lunary
Weaknesses (CWE)
CWE-639
References
https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf (security@huntr.dev)
https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f (security@huntr.dev)
https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf (af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.