CVE-2024-4151
published 2024-05-20


Priority: P3 49; high 8.1, CVSS 3.1
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.39% (30.9th percentile)

An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
lunary-ai | lunary-ai_lunary | >= unspecified < 1.2.25 | 1.2.25
lunary | lunary | < 1.2.25 | 1.2.25

CVSS provenance

nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd | v3.0 | 8.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L