CVE-2024-5131

CVSS V2 None CVSS V3 None

Description

An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.

Overview

CVE ID
CVE-2024-5131

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-06-06T18:31:16.725Z

Last Modified Date
2024-06-07T19:28:05.525Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f
https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-5131
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5131

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 03:26:21				Added to TrackCVE