VYPR
Unrated severityNVD Advisory· Published Nov 14, 2024· Updated Nov 18, 2024

Incorrect Authorization in lunary-ai/lunary

CVE-2024-3379

Description

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lunary AI/Lunaryllm-fuzzy2 versions
    >=1.2.2 <=1.2.6+ 1 more
    • (no CPE)range: >=1.2.2 <=1.2.6
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.