
CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jun 2024 — In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/org` endpoint, which lists all users in a team. This allows any authenticated user to capture the recovery token of another user and subsequently change that user's password without consent, effectively taking over the account. The is... • https://huntr.com/bounties/6057598d-93c4-4a94-bb80-5bd508013c5b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jun 2024 — A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the `orgId` parameter supplied by the user before incorporating it into the generated response. Specifically, the endpoint generates XML responses for SAML metadata, where the `orgId` parameter is directly embedded into the XML structure without proper sanitization or validation. Thi... • https://huntr.com/bounties/e899f496-d493-4c06-b596-cb0a88ad451b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jun 2024 — An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due to insufficient access control checks. This issue was addressed and fixed in version 1.2.25. • https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297 • CWE-284: Improper Access Control

CVSS: 9.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jun 2024 — An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version ... • https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f • CWE-284: Improper Access Control • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jun 2024 — An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7. • https://github.com/lunary-ai/lunary/commit/f7507f0949f6634f725ebb8da37c44f76542901f • CWE-284: Improper Access Control

CVSS: 7.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jun 2024 — In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the backend's handling of the reset password process, where the token, once used, is not discarded or invalidated, enabling its reuse. This vulnerability could lead to unauthorized account access if an attacker obtains the r... • https://huntr.com/bounties/6aaba769-d99c-48cf-90d2-7abad984213d • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

06 Jun 2024 — In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend f... • https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297 • CWE-284: Improper Access Control • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

01 Jun 2024 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes. • https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31 • CWE-400: Uncontrolled Resource Consumption • CWE-1333: Inefficient Regular Expression Complexity

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 May 2024 — In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources. • https://huntr.com/bounties/e56509af-f7af-4e1e-a04b-9cb53545f30f • CWE-639: Authorization Bypass Through User-Controlled Key • CWE-821: Incorrect Synchronization

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 May 2024 — An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues. • https://huntr.com/bounties/4acfef85-dedf-43bd-8438-0d8aaa4ffa01 • CWE-284: Improper Access Control • CWE-639: Authorization Bypass Through User-Controlled Key