CVE-2024-5129 - OpenCVE

A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lunary	Lunary

Configuration 1 [-]

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776
https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44

History

Thu, 03 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lunary Lunary lunary
CPEs		cpe:2.3:a:lunary:lunary::::::::
Vendors & Products		Lunary Lunary lunary
Metrics		cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:28:21.030Z

Updated: 2024-08-01T21:03:10.779Z

Reserved: 2024-05-19T17:53:42.474Z

Link: CVE-2024-5129

Vulnrichment

Updated: 2024-08-01T21:03:10.779Z

NVD

Status : Analyzed

Published: 2024-06-06T19:16:04.583

Modified: 2024-10-03T16:56:02.837

Link: CVE-2024-5129

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5129", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-05-19T17:53:42.474Z", "datePublished": "2024-06-06T18:28:21.030Z", "dateUpdated": "2024-08-01T21:03:10.779Z"}, "containers": {"cna": {"title": "Privilege Escalation Vulnerability in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:28:21.030Z"}, "descriptions": [{"lang": "en", "value": "A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.2.8", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44"}, {"url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "baseScore": 8.2, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862"}]}], "source": {"advisory": "a6c0deb3-6a4c-4188-8aaa-9e6207f82f44", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "lunary-ai", "product": "lunary", "cpes": ["cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.2.8", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-07T15:13:14.009700Z", "id": "CVE-2024-5129", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T15:13:22.112Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:10.779Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44", "tags": ["x_transferred"]}, {"url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44", "tags": ["x_transferred"]}, {"url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:03:10.779Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5129", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T15:13:14.009700Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lunary-ai:lunary:*:*:*:*:*:*:*:*"], "vendor": "lunary-ai", "product": "lunary", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.8", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-07T14:59:59.889Z"}}], "cna": {"title": "Privilege Escalation Vulnerability in lunary-ai/lunary", "source": {"advisory": "a6c0deb3-6a4c-4188-8aaa-9e6207f82f44", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.2.8", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44"}, {"url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776"}], "descriptions": [{"lang": "en", "value": "A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-06-06T18:28:21.030Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5129", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:03:10.779Z", "dateReserved": "2024-05-19T17:53:42.474Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-06-06T18:28:21.030Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "matchCriteriaId": "861B7DD6-6AAA-48C1-94F7-687729B042B6", "versionEndExcluding": "1.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalada de privilegios en lunary-ai/lunary versi\u00f3n 1.2.2, donde cualquier usuario puede eliminar cualquier conjunto de datos debido a que faltan verificaciones de autorizaci\u00f3n. La vulnerabilidad est\u00e1 presente en la funcionalidad de eliminaci\u00f3n del conjunto de datos, donde la aplicaci\u00f3n no puede verificar si el usuario que solicita la eliminaci\u00f3n tiene los permisos adecuados. Esto permite a usuarios no autorizados enviar una solicitud DELETE al servidor y eliminar cualquier conjunto de datos especificando su ID. El problema se encuentra en la funci\u00f3n datasets.delete dentro del archivo de \u00edndice de conjuntos de datos."}], "id": "CVE-2024-5129", "lastModified": "2024-10-03T16:56:02.837", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-06T19:16:04.583", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.com/bounties/a6c0deb3-6a4c-4188-8aaa-9e6207f82f44"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@huntr.dev", "type": "Secondary"}]}