PT-2024-34593 · Lunary Ai · Lunary
Published 2024-06-06 · Updated 2024-11-03 · CVE-2024-5131
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
lunary-ai/lunary versions up to and including 1.2.2
Description
An Improper Access Control issue exists, allowing unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID.
Recommendations
For versions up to and including 1.2.2, update to version 1.2.25 to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoint until the update is applied.
Exploit · Fix · IDOR
Affected Products
Lunary