CVE-2024-10272 - CERT CVE
ID CVE-2024-10272
Sažetak lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET request to the /v1/datasets endpoint without a valid authorization token.
Reference
CVSS
Base: 7.5
Impact: 3.6
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 20-06-2025 - 15:48
Objavljeno 20-03-2025 - 10:15