First published: Thu Nov 14 2024(Updated: )
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Lunary Lunary | >=1.2.2<1.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.