Lucene search
K

5 matches found

OSV
OSV
added 2024/10/29 1:15 p.m.22 views

CVE-2024-7473

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

6.5CVSS6.5AI score0.00433EPSS
Exploits1References2
NVD
NVD
added 2024/10/29 1:15 p.m.31 views

CVE-2024-7473

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS0.00433EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/29 12:48 p.m.22 views

CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS6.7AI score0.00433EPSS
Exploits1References2
CVE
CVE
added 2024/10/29 12:48 p.m.61 views

CVE-2024-7473

CVE-2024-7473 describes an IDOR in Lunary AI: lunary-ai/lunary versions 1.3.2 to 1.4.2 allow an authenticated user to update other users’ prompts by manipulating the request’s id parameter in the Evaluations function of the umgws datasets. The root cause is unauthorized modification of a user-con...

7.5CVSS6.8AI score0.00433EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/10/29 12:48 p.m.37 views

CVE-2024-7473 IDOR Vulnerability in lunary-ai/lunary

An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3...

7.5CVSS0.00433EPSS
Exploits1References2
Rows per page
Query Builder