How severe is CVE-2024-5128?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.4 out of 10.

What type of vulnerability is CVE-2024-5128?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2024-5128 - CRITICAL Severity | CVSS 9.4

Vulnerability Description

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version 1.2.25.

Related Vulnerabilities

CVE-2019-6716

CRITICAL

CVSS:9.4(Critical)

An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory userna...

CWE-6392019

CVE-2022-1996

CRITICAL

CVSS:9.3(Critical)

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

CWE-6392022

CVE-2024-5619

CRITICAL

CVSS:9.6(Critical)

Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...

CWE-6392024

CVE-2019-17382

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Repor...

CWE-6392019

CVE-2019-17574

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or p...

CWE-6392019

CVE-2019-19755

CRITICAL

CVSS:9.1(Critical)

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: a...

CWE-6392019