CVE-2024-1902 (GCVE-0-2024-1902)
Vulnerability from cvelistv5 – Published: 2024-04-10 17:08 – Updated: 2024-08-01 18:56
VLAI?
Summary
lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.
Severity ?
7.5 (High)
CWE
- CWE-821 - Incorrect Synchronization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| lunary-ai | lunary-ai/lunary |
Affected:
unspecified , < 1.2.8
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lunary",
"vendor": "lunary-ai",
"versions": [
{
"lessThan": "1.2.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1902",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T20:42:52.325488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:47:37.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lunary-ai/lunary",
"vendor": "lunary-ai",
"versions": [
{
"lessThan": "1.2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization\u0027s name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-821",
"description": "CWE-821 Incorrect Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:33.420Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8"
},
{
"url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"
}
],
"source": {
"advisory": "e536310e-abe7-4585-9cf6-21f77390a5e8",
"discovery": "EXTERNAL"
},
"title": "Session Reuse Vulnerability in lunary-ai/lunary"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1902",
"datePublished": "2024-04-10T17:08:05.267Z",
"dateReserved": "2024-02-26T19:31:07.972Z",
"dateUpdated": "2024-08-01T18:56:22.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.8\", \"matchCriteriaId\": \"861B7DD6-6AAA-48C1-94F7-687729B042B6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization\u0027s name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.\"}, {\"lang\": \"es\", \"value\": \"lunary-ai/lunary es vulnerable a un ataque de reutilizaci\\u00f3n de sesi\\u00f3n, lo que permite que un usuario eliminado cambie el nombre de la organizaci\\u00f3n sin la autorizaci\\u00f3n adecuada. La vulnerabilidad surge de la falta de validaci\\u00f3n para verificar si un usuario todav\\u00eda es parte de una organizaci\\u00f3n antes de permitirle realizar cambios. Un atacante puede aprovechar esto utilizando un token de autorizaci\\u00f3n antiguo para enviar una solicitud PATCH, modificando el nombre de la organizaci\\u00f3n incluso despu\\u00e9s de haber sido eliminada de ella. Este problema se debe a una sincronizaci\\u00f3n incorrecta y afecta la ruta orgs.patch.\"}]",
"id": "CVE-2024-1902",
"lastModified": "2025-01-10T14:29:55.370",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-04-10T17:15:53.680",
"references": "[{\"url\": \"https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2\", \"source\": \"security@huntr.dev\", \"tags\": [\"Patch\"]}, {\"url\": \"https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-821\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1902\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-04-10T17:15:53.680\",\"lastModified\":\"2025-01-10T14:29:55.370\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization\u0027s name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.\"},{\"lang\":\"es\",\"value\":\"lunary-ai/lunary es vulnerable a un ataque de reutilizaci\u00f3n de sesi\u00f3n, lo que permite que un usuario eliminado cambie el nombre de la organizaci\u00f3n sin la autorizaci\u00f3n adecuada. La vulnerabilidad surge de la falta de validaci\u00f3n para verificar si un usuario todav\u00eda es parte de una organizaci\u00f3n antes de permitirle realizar cambios. Un atacante puede aprovechar esto utilizando un token de autorizaci\u00f3n antiguo para enviar una solicitud PATCH, modificando el nombre de la organizaci\u00f3n incluso despu\u00e9s de haber sido eliminada de ella. Este problema se debe a una sincronizaci\u00f3n incorrecta y afecta la ruta orgs.patch.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-821\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.8\",\"matchCriteriaId\":\"861B7DD6-6AAA-48C1-94F7-687729B042B6\"}]}]}],\"references\":[{\"url\":\"https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:56:22.480Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1902\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T20:42:52.325488Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*\"], \"vendor\": \"lunary-ai\", \"product\": \"lunary\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.2.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T20:47:13.490Z\"}}], \"cna\": {\"title\": \"Session Reuse Vulnerability in lunary-ai/lunary\", \"source\": {\"advisory\": \"e536310e-abe7-4585-9cf6-21f77390a5e8\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"lunary-ai\", \"product\": \"lunary-ai/lunary\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.2.8\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8\"}, {\"url\": \"https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization\u0027s name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-821\", \"description\": \"CWE-821 Incorrect Synchronization\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2024-04-16T11:10:33.420Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1902\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T18:56:22.480Z\", \"dateReserved\": \"2024-02-26T19:31:07.972Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2024-04-10T17:08:05.267Z\", \"assignerShortName\": \"@huntr_ai\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…