CVE-2024-10273
CVE-2024-10273 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. EPSS estimates a 0.40% chance of exploitation in the next 30 days.
Description
In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models does not have appropriate privilege checks, enabling low-privilege users to update models they should not have access to modify. This vulnerability could lead to unauthorized changes in critical resources, affecting the integrity and reliability of the system.
Metrics
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lunary | Lunary | < 1.5.7 |
Timeline
- Status: Modified
Source: NVD / NIST
