VYPR
Unrated severity · NVD Advisory · Published Jun 27, 2024 · Updated Oct 15, 2025

Improper Access Control in lunary-ai/lunary

CVE-2024-6086

Description

In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess() is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify organization attributes without proper authorization.
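
The missing authorization step, as an added example that is not Lunary's code: a deny-by-default role check applied to an organization-rename handler, shown beside the unchecked form. All function names, role keys and the permission map are hypothetical; only the 'Prompt Editor' role and the organization-name change come from the advisory.

```javascript
// Added example with hypothetical names; not taken from the lunary code base.
// Constructed role -> permission map. Only "Prompt Editor" is named in the advisory.
const ROLE_PERMISSIONS = {
  owner: { org: ["read", "update"], prompts: ["read", "update"] },
  admin: { org: ["read", "update"], prompts: ["read", "update"] },
  prompt_editor: { org: ["read"], prompts: ["read", "update"] },
};

// Deny by default: unknown roles, resources or actions get no access.
// Own-property checks keep inherited keys such as "constructor" from matching.
function hasAccess(role, resource, action) {
  const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  if (!own(ROLE_PERMISSIONS, role)) return false;
  const perms = ROLE_PERMISSIONS[role];
  return own(perms, resource) && perms[resource].includes(action);
}

// Shape of the flaw: the caller is authenticated, but the role is never consulted.
function renameOrgUnchecked(user, org, newName) {
  if (!user) return { status: 401 };
  org.name = newName;
  return { status: 200, name: org.name };
}

// Hardened form: authenticate first, then authorize the specific action.
function renameOrgChecked(user, org, newName) {
  if (!user) return { status: 401 };
  if (!hasAccess(user.role, "org", "update")) return { status: 403 };
  org.name = newName;
  return { status: 200, name: org.name };
}

// Constructed sample users and organization.
function demo() {
  const editor = { id: "u2", role: "prompt_editor" };
  const owner = { id: "u1", role: "owner" };
  const org = { id: "o1", name: "Acme" };
  return {
    uncheckedEditor: renameOrgUnchecked(editor, { ...org }, "changed").status,
    checkedEditor: renameOrgChecked(editor, { ...org }, "changed").status,
    checkedOwner: renameOrgChecked(owner, { ...org }, "Acme Labs").status,
    unknownRole: renameOrgChecked({ role: "constructor" }, { ...org }, "x").status,
    anonymous: renameOrgChecked(null, { ...org }, "x").status,
  };
}

console.log(demo());
```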

Affected products

2
  • Lunary AI/Lunary (llm-fuzzy), 2 versions
    • (no CPE) range: =1.2.7
    • (no CPE) range: unspecified
