Severity: High

Package: lunary

IDOR Vulnerability in Template Version Management

An IDOR (Insecure Direct Object Reference) vulnerability was discovered in lunary-ai/lunary version 1.2.2. The affected template-version endpoints look a prompt up by the identifier supplied in the request without checking that the caller is associated with the project that owns it, so any authenticated user can view and update any prompt in any project. No patched version had been specified when this advisory was published.

Published: May 20, 2024

CVSS 3.1 base score: 8.3 (High)

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Credit: fewword

Remediation Steps
  • Enforce an authorization check on every endpoint that reads or modifies sensitive data, including each view and update route for template versions, rather than only on listing or creation routes.
  • Derive the permission check from the authenticated user's identity (taken from the session, not from the request) and verify that the user is associated with the project that owns the object being accessed; a project ID supplied in the request must be validated against that association, not trusted.
  • Regularly audit and review code for potential IDOR vulnerabilities, paying particular attention to any query that resolves an object from a request-supplied identifier alone.
  • Update the affected software to a version in which this vulnerability is patched, once one is available.
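The following is an added illustration of the remediation described above; it is not lunary's own code and does not reproduce the affected endpoints. It contrasts a lookup that resolves a template version from the request-supplied id alone with one that makes the caller's project association part of the predicate, on both the read and the write path. The table shapes (`ProjectRow`, `TemplateVersionRow`), the session model (`Caller`), the handler signatures and the sample rows are all constructed for the example.

```typescript
// Added illustration, not lunary's own code: an IDOR in a "get / update template version"
// handler, and the project-scoped lookup that closes it. Table shapes, identities and
// sample rows are constructed for the example; a real backend runs the equivalent SQL.

type ProjectRow = { id: number; orgId: number };
type TemplateVersionRow = { id: number; projectId: number; content: string };
type Caller = { userId: number; orgId: number }; // taken from the session, never from the request
type Reply = { status: number; body?: TemplateVersionRow };

// Constructed sample data: two orgs, one project each, one template version each.
const PROJECTS: ProjectRow[] = [{ id: 10, orgId: 1 }, { id: 20, orgId: 2 }];
const VERSIONS: TemplateVersionRow[] = [
  { id: 100, projectId: 10, content: "org-1 prompt" },
  { id: 200, projectId: 20, content: "org-2 prompt" },
];
const ALICE: Caller = { userId: 1, orgId: 1 };   // legitimate owner of project 10
const MALLORY: Caller = { userId: 2, orgId: 2 }; // authenticated (CVSS PR:L) but in another org

// Vulnerable pattern: the version is resolved from the request-supplied id alone.
// Equivalent SQL: SELECT * FROM template_version WHERE id = ${versionId}
// Any logged-in user who guesses or enumerates an id reads (or writes) that row.
function getVersionVulnerable(_caller: Caller, versionId: number): Reply {
  const row = VERSIONS.find((v) => v.id === versionId);
  return row ? { status: 200, body: row } : { status: 404 };
}

// Does the caller's org own this project? In a real backend this is the
// project / org-membership join; it must be evaluated server-side on every request.
function callerOwnsProject(caller: Caller, projectId: number): boolean {
  return PROJECTS.some((p) => p.id === projectId && p.orgId === caller.orgId);
}

// Hardened lookup: the caller's identity is part of the predicate, so a version that
// belongs to a project the caller cannot access is simply not found. A request-supplied
// projectId is checked against the session rather than trusted, and the version must
// belong to that same project, so a caller cannot pair their own projectId with a
// foreign versionId.
// Equivalent SQL:
//   SELECT tv.* FROM template_version tv
//   JOIN project p ON p.id = tv.project_id
//   WHERE tv.id = ${versionId} AND tv.project_id = ${projectId} AND p.org_id = ${caller.orgId}
function findOwnedVersion(caller: Caller, projectId: number, versionId: number): TemplateVersionRow | undefined {
  if (!callerOwnsProject(caller, projectId)) return undefined;
  return VERSIONS.find((v) => v.id === versionId && v.projectId === projectId);
}

function getVersionHardened(caller: Caller, projectId: number, versionId: number): Reply {
  const row = findOwnedVersion(caller, projectId, versionId);
  // 404 for both "does not exist" and "not yours": don't confirm that foreign ids exist.
  return row ? { status: 200, body: row } : { status: 404 };
}

// The write path uses the same predicate; an update guarded only by "row exists"
// would still let MALLORY overwrite ALICE's prompt.
function updateVersionHardened(caller: Caller, projectId: number, versionId: number, content: string): Reply {
  const row = findOwnedVersion(caller, projectId, versionId);
  if (!row) return { status: 404 };
  row.content = content;
  return { status: 200, body: row };
}
```

In a SQL-backed service the whole fix is the extra join and `WHERE` terms shown in the comments: once the owning project and the caller's membership are part of the query, there is no separate "check then fetch" step to forget, and the same helper serves both the read and the update route.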
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A