PT-2026-5650 · Lunary Ai · Lunary

Published 2026-02-02 · Updated 2026-02-11 · CVE-2024-4147

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

lunary-ai/lunary version 1.2.13

Description

Insufficiently granular access control allows users to delete prompts created in other organizations by manipulating the prompt ID. The application checks only that the user has deletion permission; it does not verify that the prompt belongs to the user's organization before deleting it. Legitimate users can lose access to the removed prompts, and information inconsistencies can result.

Recommendations

Ensure proper validation of prompt ownership before allowing deletion operations.
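
The check the recommendation calls for, shown as an added example that is not Lunary's code: a permission-only delete handler beside one that scopes the lookup to the caller's organization, with a regression check over both. The in-memory store, the function names, the `prompts:delete` permission string and the record shapes are all assumptions made for illustration.

```javascript
// Constructed in-memory data; names and shapes are assumptions, not Lunary's schema.
const seed = () => new Map([
  ["p-1", { id: "p-1", orgId: "org-a", slug: "welcome" }],
  ["p-2", { id: "p-2", orgId: "org-b", slug: "billing" }],
]);

const can = (user, action) => user.permissions.includes(action);

// Weak form: only the deletion permission is checked, so a prompt ID that
// belongs to another organization is accepted and the record is removed.
function deletePromptPermissionOnly(store, user, promptId) {
  if (!can(user, "prompts:delete")) return { status: 403 };
  return store.delete(promptId) ? { status: 204 } : { status: 404 };
}

// Hardened form: the lookup is scoped to the caller's organization, so a
// foreign ID is treated like a missing one and nothing is removed.
function deletePromptOrgScoped(store, user, promptId) {
  if (!can(user, "prompts:delete")) return { status: 403 };
  const prompt = store.get(promptId);
  if (!prompt || prompt.orgId !== user.orgId) return { status: 404 };
  store.delete(promptId);
  return { status: 204 };
}

// Regression check: a user in org-a asks to delete org-b's prompt against a
// fresh store; reports the response and whether org-b's prompt survived.
function checkCrossOrgDelete(handler) {
  const store = seed();
  const userA = { id: "u-1", orgId: "org-a", permissions: ["prompts:delete"] };
  const res = handler(store, userA, "p-2"); // p-2 belongs to org-b
  return { status: res.status, otherOrgPromptExists: store.has("p-2") };
}

console.log("permission only:", checkCrossOrgDelete(deletePromptPermissionOnly));
console.log("org scoped:     ", checkCrossOrgDelete(deletePromptOrgScoped));
```

In a SQL-backed service the same scoping is usually expressed by adding the organization ID to the `WHERE` clause of the delete statement, so the ownership check and the deletion cannot drift apart.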

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-4147

Affected Products

Lunary