CVE-2024-5131
Improper Access Control in lunary-ai/lunary
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25.
Existe una vulnerabilidad de control de acceso inadecuado en el repositorio lunary-ai/lunary, que afecta a las versiones hasta la 1.2.2 incluida. La vulnerabilidad permite a usuarios no autorizados ver cualquier mensaje en cualquier proyecto al proporcionar un ID de mensaje específico a un endpoint que no verifica adecuadamente la propiedad del ID de mensaje. Este problema se solucionó en la versión 1.2.25.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-05-19 CVE Reserved
- 2024-06-06 CVE Published
- 2024-11-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://github.com/lunary-ai/lunary/commit/ddfd497afd017a6946c582a1a806687fdac888bf | ||
| https://huntr.com/bounties/52c129f2-114e-492f-aee8-32c78f75ac4f |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lunary-ai Search vendor "Lunary-ai" | Lunary Search vendor "Lunary-ai" for product "Lunary" | * | - |
Affected
| ||||||
| Lunary Search vendor "Lunary" | Lunary Search vendor "Lunary" for product "Lunary" | * | - |
Affected
| ||||||