Sightline

High

lunary

IDOR Vulnerability in Prompt Update Function

An IDOR vulnerability in version 1.3.2 allows unauthorized users to update other users' prompts by manipulating the 'id' parameter. This issue was patched in version 1.4.3.

Available publicly on Sep 29 2024 | Available with Premium on Aug 04 2024

CVE:

CVE-2024-7473

CWE:

269:Improper Privilege Management

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Credit:

meme-dm

Assess Detect

Premium

Remediate

Remediation Steps

Update to version 1.4.3 or later.
Implement proper access control checks to ensure that users can only update their own prompts.
Validate the 'id' parameter to ensure it belongs to the authenticated user before processing the update request.

Patch Details

Fixed Version: 1.4.3
Patch Commit: https://github.com/lunary-ai/lunary/commit/88b55b01fcbab0fbbc5b8032a38d0345af98ecfa

Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 568- related security advisories that are available with Sightline Premium.