High

lunary

Project Renaming by Unprivileged User

An unprivileged user can rename a project in the Lunary application version 1.2.2. This vulnerability allows a user with the 'Member' role to rename projects they should not have access to. The issue was identified in the application's handling of project renaming requests. It was patched in the subsequent release following version 1.2.2.

Available publicly on May 21 2024

CVSS: 7.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Credit: ranjit-git

Remediation Steps
  • Ensure your Lunary application is updated to the latest version beyond 1.2.2.
  • Review and apply proper permission checks for sensitive operations such as project renaming.
  • Regularly audit user roles and permissions to ensure they are granted appropriately.
  • Implement logging and monitoring to detect unauthorized attempts to modify project settings.
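
A sketch of the permission check and denial logging recommended in the steps above, as an added example and not Lunary's own code. The role names other than 'Member', the data shapes and the function names are assumptions.

```javascript
// Added illustration, not Lunary's code. Roles other than "member",
// the record shapes and all function names are hypothetical.
const RENAME_ROLES = new Set(["owner", "admin"]); // assumed privileged roles

// Constructed sample data standing in for the project table.
const projects = new Map([
  ["p1", { id: "p1", orgId: "org-a", name: "Prod" }],
  ["p2", { id: "p2", orgId: "org-b", name: "Other" }],
]);
const auditLog = []; // in production this would go to a log pipeline

function audit(user, projectId, outcome, reason) {
  auditLog.push({
    ts: new Date().toISOString(), action: "project.rename",
    userId: user.id, role: user.role, projectId, outcome, reason,
  });
}

// `user` must come from the server-side session, never from the request body.
// Returns { status, body } the way an HTTP handler would respond.
function renameProject(user, projectId, newName) {
  const project = projects.get(projectId);
  // Object-level check: the project must belong to the caller's organisation.
  // Missing and foreign projects both yield 404 so IDs cannot be probed.
  if (!project || project.orgId !== user.orgId) {
    audit(user, projectId, "denied", "not_in_org");
    return { status: 404, body: { error: "Project not found" } };
  }
  // Function-level check: only privileged roles may rename.
  if (!RENAME_ROLES.has(user.role)) {
    audit(user, projectId, "denied", "role_not_allowed");
    return { status: 403, body: { error: "Forbidden" } };
  }
  if (typeof newName !== "string" || !newName.trim() || newName.length > 100) {
    return { status: 400, body: { error: "Invalid name" } };
  }
  project.name = newName.trim();
  audit(user, projectId, "allowed", null);
  return { status: 200, body: { id: project.id, name: project.name } };
}

// Denied attempts are the events to alert on.
function deniedAttempts() {
  return auditLog.filter((e) => e.outcome === "denied");
}
```

Both checks run before any write, so a denied request leaves the project name unchanged and produces one audit record.
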
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A