High

lunary

Privilege Escalation Vulnerability in Dataset Deletion

A Privilege Escalation Vulnerability in lunary-ai/lunary version 1.2.2 allows any user to delete any dataset. This issue was patched in version 1.2.8.

Available publicly on May 20 2024

8.2

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Credit:

fewword
Remediation Steps
  • Upgrade to lunary-ai/lunary version 1.2.8 or later.
  • Implement authorization checks on all sensitive endpoints to ensure that only users with the correct permissions can perform actions.
  • Regularly audit your codebase for similar vulnerabilities.
  • Consider implementing rate limiting and logging to detect and mitigate abuse patterns.
Patch Details
  • Fixed Version: 1.2.8
  • Patch Commit: https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 624 related security advisories that are available with Sightline Premium.