High Severity

lunary

Privilege Escalation Vulnerability in Dataset Deletion

A Privilege Escalation Vulnerability in lunary-ai/lunary version 1.2.2 allows any user to delete any dataset. This issue was patched in version 1.2.8.

Available publicly on May 20 2024

8.2

CVE:

CVE-2024-5129

CWE:

862:Missing Authorization

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Credit:

fewword
AssessDetect

Premium

Remediate
Remediation Steps
  • Upgrade to lunary-ai/lunary version 1.2.8 or later.
  • Implement authorization checks on all sensitive endpoints to ensure that only users with the correct permissions can perform actions.
  • Regularly audit your codebase for similar vulnerabilities.
  • Consider implementing rate limiting and logging to detect and mitigate abuse patterns.
Patch Details
  • Fixed Version: 1.2.8
  • Patch Commit: https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 291 related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon