Exploit Report

Computer Security And Bug Information

CVE-2024-5389

CVECVE-2024-5389
CVE Title
Published Date2024-06-09T23:15Z
Modified Date2024-06-12T16:31Z
CWE TypeNVD-CWE-Other
CVSS 3.xCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
DescriptionIn lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://huntr.com/bounties/3ca5309f-5615-4d5b-8043-968af220d7a2
Reference Description https://huntr.com/bounties/3ca5309f-5615-4d5b-8043-968af220d7a2
Reference Description
TagsExploit Third Party Advisory
Sources NIST MITRE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles