CVE-2024-4147
📋 TL;DR
This vulnerability allows authenticated users in lunary-ai/lunary to delete prompts belonging to other organizations through ID manipulation. The application fails to validate prompt ownership before deletion, only checking general delete permissions. This affects all organizations using vulnerable versions of lunary where users can access the prompt deletion functionality.
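The defect described above, modelled as an added example (hypothetical code, not lunary's own handler or schema): an in-memory prompt store with the deletion handler in the shape the advisory describes, checking only a general delete permission, beside a hardened version that also verifies the prompt belongs to the caller's organization. The store, field names and status codes are assumptions for the illustration.

```typescript
// Added example (not lunary's code): an in-memory model of a prompt-deletion
// handler in its vulnerable and hardened forms. All names are hypothetical.

interface Prompt { id: string; orgId: string; name: string; }
interface User { id: string; orgId: string; canDeletePrompts: boolean; }
interface Result { status: number; message: string; }
type PromptStore = Record<string, Prompt>;

const hasOwn = (obj: object, key: string): boolean =>
  Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample store: two organizations, one prompt each.
function seedPrompts(): PromptStore {
  return {
    "p-100": { id: "p-100", orgId: "org-A", name: "summarize-ticket" },
    "p-200": { id: "p-200", orgId: "org-B", name: "classify-intent" },
  };
}

// Vulnerable shape: only the caller's general "can delete" permission is
// checked, then the record is removed by id alone, so any known id works.
function deletePromptVulnerable(store: PromptStore, user: User, promptId: string): Result {
  if (!user.canDeletePrompts) return { status: 403, message: "delete permission required" };
  if (!hasOwn(store, promptId)) return { status: 404, message: "prompt not found" };
  delete store[promptId];
  return { status: 204, message: "deleted" };
}

// Hardened shape: the permission check stays, and ownership is compared with
// the organization of the authenticated session, never with anything the
// request supplies. In a SQL backend the same effect comes from scoping the
// statement itself, e.g. DELETE FROM prompt WHERE id = $1 AND org_id = $2,
// and treating a zero row count as a failure.
function deletePromptHardened(store: PromptStore, user: User, promptId: string): Result {
  if (!user.canDeletePrompts) return { status: 403, message: "delete permission required" };
  if (!hasOwn(store, promptId)) return { status: 404, message: "prompt not found" };
  const prompt = store[promptId];
  if (prompt.orgId !== user.orgId) {
    return { status: 403, message: "prompt belongs to another organization" };
  }
  delete store[promptId];
  return { status: 204, message: "deleted" };
}

// The cross-organization check from step 3 of the fix instructions: a user
// from org-B attempts to delete org-A's prompt through both handlers.
function crossOrgOutcome(): { vulnerable: number; hardened: number } {
  const outsider: User = { id: "u-42", orgId: "org-B", canDeletePrompts: true };
  const vulnerable = deletePromptVulnerable(seedPrompts(), outsider, "p-100").status;
  const hardened = deletePromptHardened(seedPrompts(), outsider, "p-100").status;
  return { vulnerable, hardened };
}

console.log(crossOrgOutcome()); // { vulnerable: 204, hardened: 403 }
```

The hardened handler answers a foreign prompt with 403, matching the "proper authorization error" the verification step expects; some deployments prefer 404 there so that valid ids in other tenants are not confirmed, which is a policy choice and does not change the ownership check itself.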
💻 Affected Systems
- lunary-ai/lunary
⚠️ Risk & Real-World Impact
Worst Case
Malicious or compromised users could systematically delete all prompts across all organizations, causing complete data loss, service disruption, and forcing organizations to restore from backups.
Likely Case
Accidental or intentional deletion of prompts from other organizations, causing data inconsistencies, workflow disruptions, and potential business impact for affected organizations.
If Mitigated
With proper access controls, users can only delete prompts within their own organization, maintaining data integrity and preventing cross-organization data manipulation.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of prompt IDs from other organizations. The vulnerability is straightforward to exploit once an attacker identifies valid prompt IDs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 0755dde1afc2a74ec23b55eee03e4416916cf48f
Vendor Advisory: https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f
Restart Required: Yes
Instructions:
1. Update lunary to a version containing commit 0755dde1afc2a74ec23b55eee03e4416916cf48f
2. Restart the lunary application
3. Verify the fix by testing prompt deletion across organizational boundaries
🔧 Temporary Workarounds
Disable prompt deletion functionality
Temporarily disable the prompt deletion endpoint or feature until patching can be completed
# Configuration depends on deployment method. Modify application configuration to disable DELETE /api/prompts/{id} endpoint
Implement API gateway validation
Add an additional access control layer at the API gateway to validate prompt ownership before forwarding requests
# Implementation specific to your API gateway (e.g., Kong, NGINX, AWS API Gateway)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate different organizations' access
- Enable comprehensive audit logging for all prompt deletion operations and monitor for cross-organization access patterns
🔍 How to Verify
Check if Vulnerable:
Check if running lunary version 1.2.13. Test by attempting to delete a prompt ID from another organization (requires test environment).
Check Version:
Check package.json or application version endpoint specific to your deployment
Verify Fix Applied:
After patching, attempt to delete a prompt from another organization - the operation should fail with proper authorization error. Verify the commit hash includes 0755dde1afc2a74ec23b55eee03e4416916cf48f.
📡 Detection & Monitoring
Log Indicators:
- DELETE requests to /api/prompts/ endpoint with successful responses (200/204) where user organization doesn't match prompt organization
- Unusual pattern of prompt deletions across multiple organization IDs
Network Indicators:
- Multiple DELETE requests to prompt endpoints with varying ID patterns
- Unusual volume of DELETE operations from single user
SIEM Query:
source="lunary-logs" action="DELETE" path="/api/prompts/*" | stats count by user_id, organization_id, prompt_organization_id | where organization_id != prompt_organization_id
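The same check the SIEM query expresses, as an added example (not part of the advisory or of lunary) run over constructed JSON log lines: successful DELETE calls on the prompt endpoint where the caller's organization differs from the prompt's organization are flagged, then aggregated per user with the set of foreign organizations touched. The field names are assumed to match those used in the query above.

```typescript
// Added example (not lunary's code or logging format): the cross-organization
// deletion check behind the SIEM query, applied to constructed log records.

interface PromptEvent {
  user_id: string;
  organization_id: string;        // organization of the authenticated user
  prompt_organization_id: string; // organization that owns the target prompt
  action: string;
  path: string;
  status: number;
}

// Constructed sample log lines: one legitimate delete, two cross-organization
// deletes that succeeded (vulnerable behaviour), one that was refused
// (post-patch behaviour), an unrelated GET, and a malformed line.
const SAMPLE_LOGS: string[] = [
  '{"user_id":"u-1","organization_id":"org-A","prompt_organization_id":"org-A","action":"DELETE","path":"/api/prompts/p-100","status":204}',
  '{"user_id":"u-7","organization_id":"org-B","prompt_organization_id":"org-A","action":"DELETE","path":"/api/prompts/p-101","status":204}',
  '{"user_id":"u-7","organization_id":"org-B","prompt_organization_id":"org-C","action":"DELETE","path":"/api/prompts/p-300","status":200}',
  '{"user_id":"u-7","organization_id":"org-B","prompt_organization_id":"org-A","action":"DELETE","path":"/api/prompts/p-102","status":403}',
  '{"user_id":"u-3","organization_id":"org-C","prompt_organization_id":"org-A","action":"GET","path":"/api/prompts/p-100","status":200}',
  'not a json record',
];

// Parse one line; anything malformed or missing a required field is skipped
// rather than allowed to abort the whole scan.
function parseEvent(line: string): PromptEvent | null {
  try {
    const o = JSON.parse(line);
    if (typeof o !== "object" || o === null) return null;
    const stringFields = ["user_id", "organization_id", "prompt_organization_id", "action", "path"];
    for (const k of stringFields) {
      if (typeof o[k] !== "string") return null;
    }
    if (typeof o.status !== "number") return null;
    return o as PromptEvent;
  } catch (e) {
    return null;
  }
}

// Log indicator 1: a successful DELETE on the prompt endpoint where the
// caller's organization does not match the prompt's organization.
function isCrossOrgDelete(e: PromptEvent): boolean {
  return e.action === "DELETE"
    && e.path.indexOf("/api/prompts/") === 0
    && e.status >= 200 && e.status < 300
    && e.organization_id !== e.prompt_organization_id;
}

function findCrossOrgDeletes(lines: string[]): PromptEvent[] {
  const hits: PromptEvent[] = [];
  for (const line of lines) {
    const e = parseEvent(line);
    if (e !== null && isCrossOrgDelete(e)) hits.push(e);
  }
  return hits;
}

interface UserSummary { user_id: string; deletions: number; targetOrgs: string[]; }

// Log indicator 2: the same hits aggregated per user, with the distinct
// foreign organizations touched (the "stats count by user_id ..." part).
function summarizeByUser(events: PromptEvent[]): UserSummary[] {
  const byUser: Record<string, UserSummary> = {};
  for (const e of events) {
    if (!Object.prototype.hasOwnProperty.call(byUser, e.user_id)) {
      byUser[e.user_id] = { user_id: e.user_id, deletions: 0, targetOrgs: [] };
    }
    const s = byUser[e.user_id];
    s.deletions += 1;
    if (s.targetOrgs.indexOf(e.prompt_organization_id) === -1) {
      s.targetOrgs.push(e.prompt_organization_id);
    }
  }
  return Object.keys(byUser).map((k) => {
    byUser[k].targetOrgs.sort();
    return byUser[k];
  });
}

console.log(summarizeByUser(findCrossOrgDeletes(SAMPLE_LOGS)));
// [ { user_id: 'u-7', deletions: 2, targetOrgs: [ 'org-A', 'org-C' ] } ]
```

The refused 403 request is deliberately left out of the hits: after patching, that is the expected outcome of a cross-organization attempt, and a burst of such refusals from one user is a separate signal worth its own alert rather than a false positive on this one.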