Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation in lunary-ai/lunary
Vulnerability Description
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from inviting users with billing roles. As a result, admins can circumvent the intended access control, posing a risk to the organization's financial resources.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
lunary 访问控制错误漏洞
Vulnerability Description
Lunary是Lunary开源的一个 LLM 的生产工具包。 lunary 1.4.30之前版本存在访问控制错误漏洞,该漏洞源于用户创建端点未限制管理员邀请具有计费角色的用户,可能导致未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A