CVE-2024-4151

An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/4acfef85-dedf-43bd-8438-0d8aaa4ffa01

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-20 15:15

Updated : 2024-05-20 15:17

NVD link : CVE-2024-4151

Mitre link : CVE-2024-4151

CVE.ORG link : CVE-2024-4151

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

8.3 /10