Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:1 p.m.9 views

CVE-2024-10762

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

8.1CVSS6.8AI score0.00508EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10762

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

8.1CVSS6.9AI score0.00508EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-10762 Missing Authorization in lunary-ai/lunary

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

8.1CVSS8AI score0.00508EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:9 a.m.50 views

CVE-2024-10762

CVE-2024-10762 affects lunary-ai/lunary prior to version 1.5.9. The /v1/evaluators/ endpoint does not enforce access control, permitting low-privilege users to issue DELETE requests that delete evaluator data, causing permanent data loss and potential operational disruption. Evidence from multipl...

8.1CVSS8AI score0.00508EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.7 views

CVE-2024-10762 Missing Authorization in lunary-ai/lunary

In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...

8.1CVSS0.00508EPSS
Exploits1References2
Rows per page
Query Builder