Auto-Update: 2024-06-09T23:55:18.309645+00:00

2025-05-30 18:21:17 +00:00 · 2024-06-09 23:58:11 +00:00 · 2024-06-09 23:58:11 +00:00 · c409b10d94
commit c409b10d94
parent f53771f5a0
3 changed files with 65 additions and 12 deletions
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5389.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5389.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-5389",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-06-09T23:15:50.490",
+  "lastModified": "2024-06-09T23:15:50.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset prompts and their variations against the organization or project of the requesting user. As a result, unauthorized modifications to dataset prompts can occur, leading to altered or removed dataset prompts without proper authorization. This vulnerability impacts the integrity and consistency of dataset information, potentially affecting the results of experiments."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.3,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1220"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://huntr.com/bounties/3ca5309f-5615-4d5b-8043-968af220d7a2",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-06-09T22:00:18.564942+00:00
+2024-06-09T23:55:18.309645+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-06-09T20:15:09.550000+00:00
+2024-06-09T23:15:50.490000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-253204
+253205
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `1`

- [CVE-2024-2408](CVE-2024/CVE-2024-24xx/CVE-2024-2408.json) (`2024-06-09T20:15:09.270`)
- [CVE-2024-37569](CVE-2024/CVE-2024-375xx/CVE-2024-37569.json) (`2024-06-09T20:15:09.377`)
- [CVE-2024-37570](CVE-2024/CVE-2024-375xx/CVE-2024-37570.json) (`2024-06-09T20:15:09.460`)
- [CVE-2024-4577](CVE-2024/CVE-2024-45xx/CVE-2024-4577.json) (`2024-06-09T20:15:09.550`)
+- [CVE-2024-5389](CVE-2024/CVE-2024-53xx/CVE-2024-5389.json) (`2024-06-09T23:15:50.490`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -244408,7 +244408,7 @@ CVE-2024-2406,0,0,bce1950aa0ba3247257e0f9798cc049e12ff07a8e21e9064eb763cce3e8229
 CVE-2024-24060,0,0,3a6250076b98d97024da5e52a26f1f0c29807ef38de327e60f431783e4f1deaa,2024-02-03T00:40:48.600000
 CVE-2024-24061,0,0,3ae0e78c2ecb0941fa62f48d1dc7792d4436b76ec841f1dbf3bf2317943894c3,2024-02-03T00:40:50.623000
 CVE-2024-24062,0,0,ce51fb5fa7f08b3262a47fca149a06dc25ea5ca7c584b3ae7210563fa9fd54c1,2024-02-03T00:40:52.877000
-CVE-2024-2408,1,1,99b1663683fe2af9b5ec23507a0624f13481272e0d2380e5b8edfc7e953d02ee,2024-06-09T20:15:09.270000
+CVE-2024-2408,0,0,99b1663683fe2af9b5ec23507a0624f13481272e0d2380e5b8edfc7e953d02ee,2024-06-09T20:15:09.270000
 CVE-2024-2409,0,0,ba586e1c6181b06c3ede339eac17164a8a25d5149e65ad7809000b9e6c808051,2024-03-29T12:45:02.937000
 CVE-2024-24091,0,0,6258a73a312c8c072d234b916137958d60ec77d8bc24aab7428a6677fc85f73a,2024-02-08T13:44:21.670000
 CVE-2024-24092,0,0,d4ab4cc918de723ea385c13013f3b5223c8222e6f58b4c0135bd83322e27d646,2024-03-13T12:33:51.697000
@ -251951,9 +251951,9 @@ CVE-2024-37535,0,0,bd454e0fcc912157e5323613160bb422388727ccfdce2d01c2c3ed53ca1b2
 CVE-2024-3755,0,0,255cc63bdc34aca663119fb8f6757a7da5a9acef7ecda034d88dc05babf4b05b,2024-05-06T12:44:56.377000
 CVE-2024-3756,0,0,978b8204ea279199334a4c8c549150dc6420f24480b5effb717e8509749d66aa,2024-05-06T12:44:56.377000
 CVE-2024-37568,0,0,792c5701b5fb7885400af7f4a334831f13c3230a30fb2699482e05f86e58a680,2024-06-09T19:15:52.323000
-CVE-2024-37569,1,1,da3aaf6fc88604d0d3f4c54bbb57396e86483e72f82769220676af9f4e1bc942,2024-06-09T20:15:09.377000
+CVE-2024-37569,0,0,da3aaf6fc88604d0d3f4c54bbb57396e86483e72f82769220676af9f4e1bc942,2024-06-09T20:15:09.377000
 CVE-2024-3757,0,0,62301a2775fcbfb9e8b5b1aa90b79aa074cd639699f2863765d338333af4b798,2024-05-07T13:39:32.710000
-CVE-2024-37570,1,1,cf87b1eacee57f534525396cbf5841ee0cae832d5f42c3a7daa3d9f1b9edc2ae,2024-06-09T20:15:09.460000
+CVE-2024-37570,0,0,cf87b1eacee57f534525396cbf5841ee0cae832d5f42c3a7daa3d9f1b9edc2ae,2024-06-09T20:15:09.460000
 CVE-2024-3758,0,0,3ea9ecbea279ca1eb1159e542db09b1cab2d2435be79c6a6a563dc4d73ca4285,2024-05-07T13:39:32.710000
 CVE-2024-3759,0,0,20211226ea875c33805e71e9c0afa18c7ce1ad112702c8859afd48ee84347f62,2024-05-07T13:39:32.710000
 CVE-2024-3761,0,0,c0af44e486388b5bef077e784125f415f33c54c3c3a8677d0ab80af1f3e8df6c,2024-05-20T13:00:04.957000
@ -252543,7 +252543,7 @@ CVE-2024-4571,0,0,b379f15291a8a65b330c223bc6a31fd0a21b183a906c0a4077ca3cf5d38b8a
 CVE-2024-4572,0,0,f5ca5c1acec751c453949e3111f6be45773ff402d3c1d2b8e88127a059aa7b1b,2024-05-14T15:44:06.153000
 CVE-2024-4574,0,0,313ec0d117ac92e67c29da349740abe9395db1d3208f8156cb88d417271721b1,2024-05-14T16:11:39.510000
 CVE-2024-4575,0,0,6bded3a6c54fd2b7daead76b33ebe13f0b01e085cf3109c110abbf745910c26e,2024-05-24T01:15:30.977000
-CVE-2024-4577,1,1,3cff131b1781169970981ca744c331e6489201e4d78b7500ace10c88c7f37f8e,2024-06-09T20:15:09.550000
+CVE-2024-4577,0,0,3cff131b1781169970981ca744c331e6489201e4d78b7500ace10c88c7f37f8e,2024-06-09T20:15:09.550000
 CVE-2024-4579,0,0,92215db7ae90e73ed5f9ed593ac042a14c345d9cfa9b9e96b650abf914d87abf,2024-05-14T15:44:07.607000
 CVE-2024-4580,0,0,8eea2c6efcadf197a7eb186820cafc4d96f736bb0925ed6e0f257f524d44d971,2024-05-16T13:03:05.353000
 CVE-2024-4581,0,0,76d80edc646ff1ece35896e94283319c4ca53356d1c75c256f7ea9adb85effeb,2024-06-04T16:57:41.053000
@ -253078,6 +253078,7 @@ CVE-2024-5384,0,0,fc8a760c5f8c6533d32783fcf44bb063e589b4e165b4e3e16391c3aeb9ec5e
 CVE-2024-5385,0,0,bc3c0d01b2051e708e659a5c3590b7dd8cb9dd588e93f64ca3944fc804f9c929,2024-05-28T12:39:28.377000
 CVE-2024-5387,0,0,857b2af9507e1fb781392f9f45599eb9ea380f1e8b91dd3c69ea7be187de1f2a,2024-06-03T19:15:09.500000
 CVE-2024-5388,0,0,0c90149987e278137050d2b65080c43dd31aa72e74992bde244a30e0d49fbf46,2024-06-03T19:15:09.557000
+CVE-2024-5389,1,1,1db1ba22a96ebb4a857c07fe5194827a0073c8e77d912252394f65c2925e5b22,2024-06-09T23:15:50.490000
 CVE-2024-5390,0,0,7bbbc0fbbf0080c37ea508796076f5055d10a83119ccd7fea3223bbf180b1d73,2024-06-04T19:21:08.020000
 CVE-2024-5391,0,0,00f61420375c40b8d29b33273a9abb170480b355b8f71230d76cd6238a9db4ff,2024-06-07T20:15:12.687000
 CVE-2024-5392,0,0,f7219b2013d34cef28a688dbd5b89c3b8013dcb24b8103dca8d259a586db6696,2024-06-04T19:21:08.117000