Home > Vulnerability Database > CVE-2024-1741

Mend.io Vulnerability Database

CVE-2024-1741

Good to know:

Date: April 10, 2024

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data.

Language: TYPE_SCRIPT

Severity Score

9.1

Related Resources (4)

Url: https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1741

Url: https://huntr.com/bounties/671bd040-1cc5-4227-8182-5904e9c5ed3b

Url: https://www.mend.io/vulnerability-database/CVE-2024-1741

Severity Score

9.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version v1.2.8

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1741

Good to know:

Date: April 10, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?