216.73.216.86

CVE-2024-3379

· Published 14/11/2024 18:15 · Modified 18/11/2024 21:30

Labels: CVE-2024-3379 2024-11-14CVE-2024-3379CWE-863[email protected]

Essential information

Published
14/11/2024 18:15
Modified
18/11/2024 21:30
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project without having the necessary permissions or being assigned to that project. This issue was fixed in version 1.2.7.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
lunary / lunary cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

References