Project Renaming by Unprivileged User
An unprivileged user can rename a project in the Lunary application version 1.2.2. This vulnerability allows a user with 'Member' role to rename projects they should not have access to. The issue was identified in the application's handling of project renaming requests. It was patched in the subsequent release following version 1.2.2.
Available publicly on May 21 2024
Remediation Steps
- Ensure your Lunary application is updated to the latest version beyond 1.2.2.
- Review and apply proper permission checks for sensitive operations such as project renaming.
- Regularly audit user roles and permissions to ensure they are granted appropriately.
- Implement logging and monitoring to detect unauthorized attempts to modify project settings.
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.