CVE-2024-11300

{"id": "CVE-2024-11300", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:24.777", "references": [{"url": "https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/8dca7994-0d92-491e-a419-02adfe23ffa4", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-639"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a user can access prompt data of another user. This issue affects version 1.6.2 and the main branch. The vulnerability allows unauthorized users to view sensitive prompt data by accessing specific URLs, leading to potential exposure of critical information."}, {"lang": "es", "value": "En lunary-ai/lunary, versiones anteriores a la 1.6.3, existe una vulnerabilidad de control de acceso indebido que permite a un usuario acceder a los datos de los avisos de otro usuario. Este problema afecta a la versi\u00f3n 1.6.2 y a la rama principal. Esta vulnerabilidad permite a usuarios no autorizados acceder a datos confidenciales de los avisos mediante URL espec\u00edficas, lo que podr\u00eda exponer informaci\u00f3n cr\u00edtica."}], "lastModified": "2025-10-15T13:15:39.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8E98F12-737E-4F73-B80A-71F7DA277455", "versionEndExcluding": "1.6.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}