Description

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version 1.2.25.

INFO

Published Date :

2024-06-06T18:08:23.755Z

Last Modified :

2024-11-03T18:27:23.511Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-5128 vulnerability.

Vendors Products
Lunary
  • Lunary
Lunary-ai
  • Lunary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-5128.

URL Resource
https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f cve-icon cve-icon
https://huntr.com/bounties/11248071-11b2-42d9-991a-504bf2044332 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact