Description
An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7.
References
- Patch
- Exploit, Third Party Advisory
- Patch
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: version before 1.2.7 (exclusive)
cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
EPSS
Percentile: 34%
0.00137
Low
8.1 High
CVSS3
6.5 Medium
CVSS3
Weaknesses
CWE-863
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 8.1
github
more than 1 year ago
An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7.