An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version 1.2.25.
Metrics
Affected Vendors & Products
References
History
Sun, 03 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 |
Sun, 03 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lunary-ai
Lunary-ai lunary |
|
CPEs | cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:* | |
Vendors & Products |
Lunary-ai
Lunary-ai lunary |
|
Metrics |
ssvc
|
Mon, 23 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lunary
Lunary lunary |
|
Weaknesses | CWE-639 | |
CPEs | cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:* | |
Vendors & Products |
Lunary
Lunary lunary |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:08:23.755Z
Updated: 2024-11-03T18:27:23.511Z
Reserved: 2024-05-19T17:50:17.519Z
Link: CVE-2024-5128
Vulnrichment
Updated: 2024-08-01T21:03:10.715Z
NVD
Status : Modified
Published: 2024-06-06T19:16:04.323
Modified: 2024-11-03T17:15:14.427
Link: CVE-2024-5128
Redhat
No data.