3 matches found
CVE-2024-5129
A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...
CVE-2024-5129 Privilege Escalation Vulnerability in lunary-ai/lunary
A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion...
CVE-2024-5129
The CVE-2024-5129 entry concerns lunary-ai/lunary version 1.2.2 where the datasets.delete function lacks authorization checks. This allows an unauthenticated user to delete any dataset by issuing a DELETE request with the dataset ID, constituting a privilege-escalation/unauthorized data deletion ...