Vulnerability Description
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endpoint. This issue is resolved in version 1.4.3.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lunary | Lunary | >= 1.2.7, < 1.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f (Patch)
- https://huntr.com/bounties/183761f7-d411-4332-af86-2ccfbcc5bd9f (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-7476?
CVE-2024-7476 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HT...
How severe is CVE-2024-7476?
CVE-2024-7476 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-7476?
The issue is resolved in version 1.4.3. Check the references section above for vendor advisories and patch information. Affected products include: Lunary (vendor: Lunary).