Lucene search
+L

4 matches found

NVD
NVD
added 2024/04/10 5:15 p.m.17 views

CVE-2024-1625

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...

7.5CVSS7.4AI score0.00436EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.12 views

CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...

7.5CVSS6.7AI score0.00436EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.23 views

CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...

7.5CVSS7.6AI score0.00436EPSS
Exploits1References2
CVE
CVE
added 2024/04/10 5:7 p.m.128 views

CVE-2024-1625

CVE-2024-1625 affects lunary-ai/lunary, version 0.3.0, with an Insecure Direct Object Reference (IDOR) in the project deletion endpoint. The root cause is insufficient authorization checks that fail to verify if the provided project ID belongs to the requesting user’s organization, enabling delet...

7.5CVSS6.5AI score0.00436EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder