CVE-2024-4151: Improper Access Control in lunary-ai/lunary
First published: Mon May 20 2024(Updated: )
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <1.2.25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-4151?
CVE-2024-4151 is classified as a high severity vulnerability due to its impact on user data and potential unauthorized access.
How do I fix CVE-2024-4151?
To fix CVE-2024-4151, upgrade to lunary version 1.2.25 or later, which addresses the improper access control issues.
What software is affected by CVE-2024-4151?
CVE-2024-4151 affects lunary-ai/lunary versions prior to 1.2.25.
What type of vulnerability is CVE-2024-4151?
CVE-2024-4151 is an improper access control vulnerability that allows unauthorized users to view and update prompts.
What actions can be performed due to CVE-2024-4151?
CVE-2024-4151 allows users to view and update prompts in any projects due to insufficient access control checks.
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/source
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/lunary
- canonical/lunary lunary