How severe is CVE-2024-5389?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2024-5389?

This is classified as CWE-1220, which is a common weakness in software security.

CVE-2024-5389 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments.

Related Vulnerabilities

CVE-2023-3227

MEDIUM

CVSS:5.4(Medium)

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.

CWE-12202023

CVE-2024-2412

MEDIUM

CVSS:5.3(Medium)

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registratio...

CWE-12202024

CVE-2025-1278

MEDIUM

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restr...

CWE-12202025

CVE-2025-2408

MEDIUM

CVSS:5.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restri...

CWE-12202025

CVE-2024-12619

MEDIUM

CVSS:5.2(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to intern...

CWE-12202024

CVE-2024-13272

MEDIUM

CVSS:6.3(Medium)

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2.

CWE-12202024