CVE-2024-5126

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions lunary-ai/lunary versions 1.2.2 through 1.2.24

Description An improper access control issue exists in the versions.patch functionality for updating prompts, allowing unauthorized users to update prompt details due to insufficient access control checks. This issue was addressed and fixed in a later version.

Recommendations For versions 1.2.2 through 1.2.24, update to version 1.2.25 to resolve the issue. As a temporary workaround, consider restricting access to the versions.patch functionality until the update is applied.

Exploit

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

CVE-2024-5126

Affected Products

Lunary

CVE-2024-5126

Weakness Enumeration

Related Identifiers

Affected Products

References · 6