CVE-2024-5128

CVSS V2 None CVSS V3 None

Description

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version 1.2.25.

Overview

CVE ID
CVE-2024-5128

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-06-06T18:08:23.755Z

Last Modified Date
2024-06-06T20:06:37.831Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/11248071-11b2-42d9-991a-504bf2044332
https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-5128
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5128

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 02:56:46				Added to TrackCVE