PT-2024-18210 · Lunary Ai · Lunary

Published 2024-04-15 · Updated 2024-06-07 · CVE-2024-1665

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

lunary-ai/lunary version 1.0.0

Description

The issue concerns unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. Although the web UI restricts evaluation creation, the lack of server-side checks allows for potential unauthorized access.

Recommendations

For lunary-ai/lunary version 1.0.0, consider implementing server-side checks for user account status during evaluation creation to prevent unauthorized access. As a temporary workaround, restrict evaluation creation to authorized users until a patch is available.
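The recommended server-side check, shown as an added example that is not Lunary's code: a handler that relies on the UI restriction next to one that checks the caller's account status on the server. The account store, the `status` field and its values, and both function names are assumptions made for illustration.

```javascript
// Constructed sample data: a server-side account store keyed by user id.
// The "status" field and its values are assumptions for illustration.
const accounts = new Map([
  ['u-allowed', { id: 'u-allowed', status: 'allowed' }],
  ['u-restricted', { id: 'u-restricted', status: 'restricted' }],
]);
const evaluations = [];

// Before: the handler assumes the web UI already hid the "create" control.
// Any authenticated caller who sends the request directly succeeds.
function createEvaluationUnchecked(userId, body) {
  const record = { owner: userId, name: body.name };
  evaluations.push(record);
  return { status: 201, body: record };
}

// After: the server looks up the caller's account itself and decides.
// Nothing in the request body is consulted for the authorization decision.
function createEvaluation(userId, body) {
  const account = accounts.get(userId);
  if (!account) {
    return { status: 401, body: { error: 'unknown account' } };
  }
  if (account.status !== 'allowed') {
    return { status: 403, body: { error: 'account may not create evaluations' } };
  }
  if (typeof body.name !== 'string' || body.name.length === 0) {
    return { status: 400, body: { error: 'name is required' } };
  }
  const record = { owner: account.id, name: body.name };
  evaluations.push(record);
  return { status: 201, body: record };
}
```

The same decision belongs in every server route that creates or modifies evaluations, so a shared middleware or policy function is preferable to per-handler copies.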

Related Identifiers

CVE-2024-1665

Affected Products

Lunary