Description

In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.

INFO

Published Date :

2024-05-21T17:57:28.152Z

Last Modified :

2025-01-31T11:05:21.786Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4154 vulnerability.

Vendors Products
Lunary
  • Lunary
Lunary-ai
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4154.

URL Resource
https://github.com/lunary-ai/lunary/commit/c43b6c62035f32ca455f66d5fd22ba661648cde7 cve-icon cve-icon
https://huntr.com/bounties/e56509af-f7af-4e1e-a04b-9cb53545f30f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact