Описание
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
Ссылки
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.2.7 (включая) до 1.4.3 (исключая)
cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 4.3
github
11 месяцев назад
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
EPSS
Процентиль: 22%
0.00073
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-639