An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
Metrics
Affected Vendors & Products
References
History
Sun, 03 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-269 |
Thu, 31 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lunary
Lunary lunary |
|
Weaknesses | CWE-639 | |
CPEs | cpe:2.3:a:lunary:lunary:1.3.2:*:*:*:*:*:*:* | |
Vendors & Products |
Lunary
Lunary lunary |
|
Metrics |
cvssV3_1
|
Tue, 29 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lunary-ai
Lunary-ai lunary |
|
CPEs | cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:* | |
Vendors & Products |
Lunary-ai
Lunary-ai lunary |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3. | |
Title | IDOR Vulnerability in lunary-ai/lunary | |
Weaknesses | CWE-269 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-10-29T12:48:38.296Z
Updated: 2024-11-03T18:27:26.689Z
Reserved: 2024-08-04T13:43:18.648Z
Link: CVE-2024-7473
Vulnrichment
Updated: 2024-10-29T13:28:27.583Z
NVD
Status : Modified
Published: 2024-10-29T13:15:09.320
Modified: 2024-11-03T17:15:15.493
Link: CVE-2024-7473
Redhat
No data.