ID CVE-2024-7473
Summary An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
References
Vulnerable Configurations
  • cpe:2.3:a:lunary:lunary:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:lunary:lunary:1.3.2:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-639
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 03-11-2024 - 17:15
Published 29-10-2024 - 13:15
Last modified 03-11-2024 - 17:15
Back to Top