CVE-2024-7473 - CERT CVE
ID CVE-2024-7473
Sažetak An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
Reference
CVSS
Base: 7.5
Impact: 3.6
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH NONE
CVSS vektor CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Zadnje važnije ažuriranje 29-10-2024 - 14:34
Objavljeno 29-10-2024 - 13:15