Vulnerabilities > CVE-2024-7473 - Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |