CVE-2024-7473
- Reference to the description:
- Description:
- An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' prompts by manipulating the 'id' parameter in the request. The issue is fixed in version 1.4.3.
- Last updated date:
- 11/03/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/31/2024
- Reference url to background
https://huntr.com/bounties/afecd927-b5f6-44ba-9147-5c45091beda5