An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.
References
Link | Resource |
---|---|
https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf | Patch |
https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f | Exploit Third Party Advisory |
Configurations
History
03 Nov 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
03 Oct 2024, 16:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf - Patch | |
References | () https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f - Exploit, Third Party Advisory | |
CWE | CWE-639 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:* | |
First Time |
Lunary
Lunary lunary |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 19:16
Updated : 2024-11-03 17:15
NVD link : CVE-2024-5131
Mitre link : CVE-2024-5131
CVE.ORG link : CVE-2024-5131
JSON object : View
Products Affected
lunary
- lunary
CWE
CWE-639
Authorization Bypass Through User-Controlled Key