6 matches found
Gitea security vulnerabilities
Gitea is a lightweight Git service developed using Go language in the Gitea community. Gitea has a security vulnerability that stems from improper verification of project ownership during organizational project operations. This vulnerability could allow a user with write access to an organization...
CVE-2024-1626
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2024-1626
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2024-1626 IDOR Vulnerability in lunary-ai/lunary
An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...
CVE-2024-1626
CVE-2024-1626 affects lunary-ai/lunary (version 0.3.0). Affected component: project update endpoint /v1/projects/:projectId. Root cause: insufficient authorization checks allow authenticated users to modify any project’s name by referencing a projectId not owned by them, enabling cross-organizati...