An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
History

Sun, 03 Nov 2024 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Thu, 31 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Lunary
Lunary lunary
Weaknesses CWE-639
CPEs cpe:2.3:a:lunary:lunary:1.3.2:*:*:*:*:*:*:*
Vendors & Products Lunary
Lunary lunary
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Tue, 29 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Lunary-ai
Lunary-ai lunary
CPEs cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*
Vendors & Products Lunary-ai
Lunary-ai lunary
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 13:00:00 +0000

Type Values Removed Values Added
Description An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
Title IDOR Vulnerability in lunary-ai/lunary
Weaknesses CWE-269
References
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-10-29T12:48:38.296Z

Updated: 2024-11-03T18:27:26.689Z

Reserved: 2024-08-04T13:43:18.648Z

Link: CVE-2024-7473

cve-icon Vulnrichment

Updated: 2024-10-29T13:28:27.583Z

cve-icon NVD

Status : Modified

Published: 2024-10-29T13:15:09.320

Modified: 2024-11-03T17:15:15.493

Link: CVE-2024-7473

cve-icon Redhat

No data.