CVE-2024-1902 - OpenCVE

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2
https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-10T17:08:05.267Z

Updated: 2024-08-01T18:56:22.480Z

Reserved: 2024-02-26T19:31:07.972Z

Link: CVE-2024-1902

Vulnrichment

Updated: 2024-08-01T18:56:22.480Z

NVD

Status : Awaiting Analysis

Published: 2024-04-10T17:15:53.680

Modified: 2024-04-15T18:15:10.070

Link: CVE-2024-1902

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1902", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-02-26T19:31:07.972Z", "datePublished": "2024-04-10T17:08:05.267Z", "dateUpdated": "2024-08-01T18:56:22.480Z"}, "containers": {"cna": {"title": "Session Reuse Vulnerability in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:33.420Z"}, "descriptions": [{"lang": "en", "value": "lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.2.8", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8"}, {"url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-821 Incorrect Synchronization", "cweId": "CWE-821"}]}], "source": {"advisory": "e536310e-abe7-4585-9cf6-21f77390a5e8", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "lunary-ai", "product": "lunary", "cpes": ["cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.2.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T20:42:52.325488Z", "id": "CVE-2024-1902", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T20:47:37.326Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.480Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8", "tags": ["x_transferred"]}, {"url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8", "tags": ["x_transferred"]}, {"url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.480Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1902", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-31T20:42:52.325488Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"], "vendor": "lunary-ai", "product": "lunary", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.8", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T20:47:13.490Z"}}], "cna": {"title": "Session Reuse Vulnerability in lunary-ai/lunary", "source": {"advisory": "e536310e-abe7-4585-9cf6-21f77390a5e8", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.2.8", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8"}, {"url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"}], "descriptions": [{"lang": "en", "value": "lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-821", "description": "CWE-821 Incorrect Synchronization"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-04-16T11:10:33.420Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1902", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:56:22.480Z", "dateReserved": "2024-02-26T19:31:07.972Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-04-10T17:08:05.267Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route."}, {"lang": "es", "value": "lunary-ai/lunary es vulnerable a un ataque de reutilizaci\u00f3n de sesi\u00f3n, lo que permite que un usuario eliminado cambie el nombre de la organizaci\u00f3n sin la autorizaci\u00f3n adecuada. La vulnerabilidad surge de la falta de validaci\u00f3n para verificar si un usuario todav\u00eda es parte de una organizaci\u00f3n antes de permitirle realizar cambios. Un atacante puede aprovechar esto utilizando un token de autorizaci\u00f3n antiguo para enviar una solicitud PATCH, modificando el nombre de la organizaci\u00f3n incluso despu\u00e9s de haber sido eliminada de ella. Este problema se debe a una sincronizaci\u00f3n incorrecta y afecta la ruta orgs.patch."}], "id": "CVE-2024-1902", "lastModified": "2024-04-15T18:15:10.070", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-04-10T17:15:53.680", "references": [{"source": "security@huntr.dev", "url": "https://github.com/lunary-ai/lunary/commit/d8e2e73efd53ab4e92cf47bbf4b639a9f08853d2"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-821"}], "source": "security@huntr.dev", "type": "Secondary"}]}