Description

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1/datasets` is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a dataset by sending a DELETE request to the endpoint. The issue was fixed in version 1.2.8. The impact of this vulnerability is significant as it permits unauthorized users to delete datasets, potentially leading to data loss or disruption of service.

INFO

Published Date :

2024-05-20T08:38:06.967Z

Last Modified :

2024-08-01T20:20:01.294Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3761 vulnerability.

Vendors Products
Lunary
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3761.

URL Resource
https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776 cve-icon cve-icon cve-icon
https://huntr.com/bounties/e95fb0a0-e54a-4da8-a33d-ba858d0cec55 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact