Lucene search

Veracode Vulnerability DatabaseVERACODE:47487

HistoryJun 12, 2024 - 6:34 a.m.

Insufficient Granularity Of Access Control

2024-06-1206:34:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

insufficient granularity

dataset ownership

unauthorized modifications

integrity

consistency

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.5%

JSON

lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized modifications that can impact the integrity and consistency of dataset information.

CPENameOperatorVersion
lunaryle1.0.32
lunaryle1.0.32

CPE	Name	Operator	Version
	lunary	le	1.0.32
	lunary	le	1.0.32

References

github.com/advisories/GHSA-3mwc-2cj7-gx8c

huntr.com/bounties/3ca5309f-5615-4d5b-8043-968af220d7a2

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for VERACODE:47487