2 matches found
Lunary 授权问题漏洞
lunary is lunary open source a production toolkit for LLM . An improper authorization vulnerability exists in lunary, which stems from an insufficient access control mechanism at the /users/me/org endpoint, and can be exploited by an attacker to obtain sensitive information...
PT-2024-35320 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.5 Description: An improper access control issue exists due to a missing permission check in the "GET /v1/users/me/org" endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management...