3 matches found
CVE-2024-5248
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...
CVE-2024-5248
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the GET /v1/users/me/org endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management and project viewing/listing capabilities, explicitly...
CVE-2024-5248
Summary: In lunary-ai/lunary v1.2.5, an improper access control vulnerability exists due to a missing permission check on the GET /v1/users/me/org endpoint, allowing users with the Prompt Editor role to access the full organization user list. Root cause: Access control enforcement failure in the ...