Improper Access Control in Prompt Update Functionality
A vulnerability in the lunary-ai/lunary software allows unauthorized users to update prompts due to improper access control. This issue affects version 1.2.2 and was patched in version 1.2.25.
Available publicly on May 21 2024 | Available with Premium on May 19 2024
Remediation Steps
- Upgrade to version 1.2.25 or later.
- Review and strengthen access control checks in the application's patch and update methods.
- Implement thorough validation and authorization checks for all sensitive operations.
- Regularly audit and test the security of your application to identify and fix vulnerabilities.
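As an added illustration of the second and third remediation steps (not code from Lunary or from the patch commit), this sketch contrasts an update method keyed on the prompt id alone with one that checks role and project ownership first. The role names, data shape and function names are hypothetical; the advisory does not say which check was missing.

```javascript
// Constructed sample data and hypothetical names; this is not Lunary's schema.
const CAN_UPDATE_PROMPTS = { admin: true, member: true, viewer: false };

function makeStore() {
  return new Map([
    ["p1", { id: "p1", projectId: "projA", content: "Summarize: {{text}}" }],
    ["p2", { id: "p2", projectId: "projB", content: "Translate: {{text}}" }],
  ]);
}

// Weak form: the caller is authenticated, but the update is keyed on the
// prompt id alone, so any logged-in user can change any prompt.
function updatePromptUnchecked(store, user, promptId, changes) {
  const prompt = store.get(promptId);
  if (!prompt) return { status: 404 };
  Object.assign(prompt, changes); // also lets the caller overwrite projectId
  return { status: 200, prompt };
}

// Hardened form: check the role, scope the lookup to the caller's project,
// and copy only the fields an update is allowed to touch.
function updatePrompt(store, user, promptId, changes) {
  if (!user || CAN_UPDATE_PROMPTS[user.role] !== true) return { status: 403 };
  const prompt = store.get(promptId);
  // Same answer for "missing" and "in another project": no existence oracle.
  if (!prompt || prompt.projectId !== user.projectId) return { status: 404 };
  if (!changes || typeof changes.content !== "string") return { status: 400 };
  prompt.content = changes.content;
  return { status: 200, prompt };
}

// Each call gets a fresh store so the results are independent.
function runDemo() {
  const viewer = { id: "u1", role: "viewer", projectId: "projA" };
  const member = { id: "u2", role: "member", projectId: "projA" };
  return {
    uncheckedCrossProject: updatePromptUnchecked(makeStore(), viewer, "p2", { content: "x" }).status,
    viewerDenied: updatePrompt(makeStore(), viewer, "p1", { content: "x" }).status,
    crossProjectDenied: updatePrompt(makeStore(), member, "p2", { content: "x" }).status,
    ownProjectAllowed: updatePrompt(makeStore(), member, "p1", { content: "x" }).status,
  };
}
console.log(runDemo());
```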
Patch Details
- Fixed Version: 1.2.25
- Patch Commit: https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297