Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-3379

Опубликовано: 14 нояб. 2024
Источник: nvd
CVSS3: 9.6
CVSS3: 8.1
CVSS3: 9.6
EPSS Низкий

Описание

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
Версия от 1.2.2 (включая) до 1.2.7 (исключая)

EPSS

Процентиль: 33%
0.00129
Низкий

9.6 Critical

CVSS3

8.1 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-863
CWE-863

Связанные уязвимости

github логотип

GHSA-8pg7-v7vv-p54p

CVSS3: 9.6
github
около 1 года назад

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.

EPSS

Процентиль: 33%
0.00129
Низкий

9.6 Critical

CVSS3

8.1 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-863
CWE-863