Critical Severity

lunary

IDOR Vulnerability in Dataset Management

An IDOR vulnerability was identified in the lunary-ai/lunary application, allowing unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation across all projects. This issue affected version 1.2.2 and was patched in version 1.2.25.

Available publicly on May 20 2024

9.4

CVE:

CVE-2024-5128

CWE:

284:Improper Access Control

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Credit:

fewword
AssessDetect

Premium

Remediate
Remediation Steps
  • Ensure proper access control checks are implemented before performing any data manipulation operations.
  • Update the application to version 1.2.25 or later, where the vulnerability has been patched.
  • Review and audit all data manipulation endpoints for similar vulnerabilities.
  • Implement logging and monitoring to detect potential abuse of data management functions.
Patch Details
  • Fixed Version: 1.2.25
  • Patch Commit: https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon