CVE-2024-4151

HIGH Year: 2024
CVSS v3 Score
8.3
High
Weakness Type
CWE-639
View all →

Vulnerability Description

An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.

Related Vulnerabilities

CVE-2024-29194

HIGH
CVSS:8.3(High)

OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_maste...

CWE-6392024

CVE-2025-26788

HIGH
CVSS:8.4(High)

StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

CWE-6392025

CVE-2022-4806

HIGH
CVSS:8.2(High)

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CWE-6392022

CVE-2019-12782

HIGH
CVSS:8.1(High)

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards ...

CWE-6392019

CVE-2020-36126

HIGH
CVSS:8.1(High)

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user...

CWE-6392020

CVE-2021-24739

HIGH
CVSS:8.1(High)

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature

CWE-6392021