CVE-2024-5126

CVSS V2 None CVSS V3 None

Description

An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due to insufficient access control checks. This issue was addressed and fixed in version 1.2.25.

Overview

CVE ID
CVE-2024-5126

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-06-06T18:11:28.155Z

Last Modified Date
2024-06-07T17:07:52.117Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/8e7e1267-ea6c-4789-b9dc-3410dfac6ec6
https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-5126
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5126

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 03:12:31				Added to TrackCVE