CVE-2024-1666 - Vulnerability Details - OpenCVE

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lunary	Lunary

Configuration 1 [-]

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54
https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0

History

Fri, 10 Jan 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lunary Lunary lunary
CPEs		cpe:2.3:a:lunary:lunary::::::::
Vendors & Products		Lunary Lunary lunary
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-16T00:00:13.999Z

Updated: 2024-08-01T18:48:21.497Z

Reserved: 2024-02-20T14:29:27.666Z

Link: CVE-2024-1666

Vulnrichment

Updated: 2024-08-01T18:48:21.497Z

NVD

Status : Analyzed

Published: 2024-04-16T00:15:10.330

Modified: 2025-01-10T14:34:01.473

Link: CVE-2024-1666

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1666", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-20T14:29:27.666Z", "datePublished": "2024-04-16T00:00:13.999Z", "dateUpdated": "2024-08-01T18:48:21.497Z"}, "containers": {"cna": {"title": "Unauthorized Radar Creation in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:47.172Z"}, "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.2.7", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0"}, {"url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770"}]}], "source": {"advisory": "0f310501-b5b0-4be0-ae38-d6b836f71ff0", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "lunary-ai", "product": "lunary", "cpes": ["cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.2.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T18:16:58.327553Z", "id": "CVE-2024-1666", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:55:07.647Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.497Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0", "tags": ["x_transferred"]}, {"url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0", "tags": ["x_transferred"]}, {"url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:48:21.497Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1666", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-26T18:16:58.327553Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"], "vendor": "lunary-ai", "product": "lunary", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:54:52.436Z"}}], "cna": {"title": "Unauthorized Radar Creation in lunary-ai/lunary", "source": {"advisory": "0f310501-b5b0-4be0-ae38-d6b836f71ff0", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.2.7", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0"}, {"url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54"}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:47.172Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1666", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:48:21.497Z", "dateReserved": "2024-02-20T14:29:27.666Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-16T00:00:13.999Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6989773-CA2D-46FD-AEA6-E6D6F2C01B17", "versionEndExcluding": "1.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment."}, {"lang": "es", "value": "En lunary-ai/lunary versi\u00f3n 1.0.0, existe una falla de autorizaci\u00f3n que permite la creaci\u00f3n de radares no autorizados. La vulnerabilidad surge de la falta de comprobaciones del lado del servidor para verificar si un usuario tiene una cuenta gratuita durante el proceso de creaci\u00f3n del radar, que s\u00f3lo se aplica en la interfaz de usuario web. Como resultado, los atacantes pueden eludir el requisito de actualizaci\u00f3n de cuenta previsto enviando directamente solicitudes manipuladas al servidor, lo que permite la creaci\u00f3n de una cantidad ilimitada de radares sin pago."}], "id": "CVE-2024-1666", "lastModified": "2025-01-10T14:34:01.473", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-16T00:15:10.330", "references": [{"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54"}, {"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@huntr.dev", "type": "Secondary"}]}