High Severity

lunary

Improper Access Control in Prompt Update Functionality

A vulnerability in the lunary-ai/lunary software allows unauthorized users to update prompts due to improper access control. This issue affects version 1.2.2 and was patched in version 1.2.25.

Available publicly on May 21 2024

CVSS: 7.6

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Credit: fewword

Remediation Steps
  • Upgrade to version 1.2.25 or later.
  • Review and strengthen access control checks in the application's patch and update methods.
  • Implement thorough validation and authorization checks for all sensitive operations.
  • Regularly audit and test the security of your application to identify and fix vulnerabilities.
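
One way to apply the access control and authorization steps above to a prompt update handler, as an added example that is not lunary's code or its patch. The role names, the `projectId` field, the in-memory store and both function names are assumptions made for illustration.

```javascript
// Added example: hypothetical data model, not lunary's schema or code.
// Constructed sample data: two projects, one prompt each.
const prompts = new Map([
  ["p1", { id: "p1", projectId: "proj-a", text: "Summarise the ticket." }],
  ["p2", { id: "p2", projectId: "proj-b", text: "Classify the email." }],
]);

// Assumed role model: only these roles may modify prompts.
const ROLES_ALLOWED_TO_UPDATE = new Set(["owner", "admin", "editor"]);

// Before: any authenticated caller can update any prompt by id.
function updatePromptUnchecked(user, promptId, text) {
  const prompt = prompts.get(promptId);
  if (!prompt) return { status: 404 };
  prompt.text = text;
  return { status: 200, prompt };
}

// After: the decision uses the server-side user record (never a role sent
// in the request body), and the lookup is scoped to the caller's project.
function updatePromptChecked(user, promptId, text) {
  if (!user) return { status: 401 };
  if (!ROLES_ALLOWED_TO_UPDATE.has(user.role)) return { status: 403 };
  const prompt = prompts.get(promptId);
  // Same response for "missing" and "other project's" so ids cannot be probed.
  if (!prompt || prompt.projectId !== user.projectId) return { status: 404 };
  if (typeof text !== "string" || text.length === 0) return { status: 400 };
  prompt.text = text;
  return { status: 200, prompt };
}
```
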
Patch Details
  • Fixed Version: 1.2.25
  • Patch Commit: https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297