4 matches found
CVE-2024-1625
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
CVE-2024-1625 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails t...
CVE-2024-1625
CVE-2024-1625 affects lunary-ai/lunary, version 0.3.0, with an Insecure Direct Object Reference (IDOR) in the project deletion endpoint. The root cause is insufficient authorization checks that fail to verify if the provided project ID belongs to the requesting user’s organization, enabling delet...