{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6087", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-17T17:49:59.828Z", "datePublished": "2024-09-13T16:12:15.921Z", "dateUpdated": "2025-10-15T12:49:46.200Z"}, "containers": {"cna": {"title": "Improper Access Control in lunary-ai/lunary", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:46.200Z"}, "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover."}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"version": "unspecified", "lessThan": "1.4.9", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/bd9f2301-11c7-4cbd-8d77-3e9225bd67e8"}, {"url": "https://github.com/lunary-ai/lunary/commit/844e8855c7a713dc7371766dba4125de4007b1cf"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639"}]}], "source": {"advisory": "bd9f2301-11c7-4cbd-8d77-3e9225bd67e8", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "lunary-ai", "product": "lunary-ai\\/lunary", "cpes": ["cpe:2.3:a:lunary-ai:lunary-ai\\/lunary:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.4.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-13T16:40:08.542070Z", "id": "CVE-2024-6087", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T16:40:45.803Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6087", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-13T16:40:08.542070Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lunary-ai:lunary-ai\\/lunary:*:*:*:*:*:*:*:*"], "vendor": "lunary-ai", "product": "lunary-ai\\/lunary", "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.9", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T16:40:36.674Z"}}], "cna": {"title": "Improper Access Control in lunary-ai/lunary", "source": {"advisory": "bd9f2301-11c7-4cbd-8d77-3e9225bd67e8", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "lunary-ai", "product": "lunary-ai/lunary", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.4.9", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/bd9f2301-11c7-4cbd-8d77-3e9225bd67e8"}, {"url": "https://github.com/lunary-ai/lunary/commit/844e8855c7a713dc7371766dba4125de4007b1cf"}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-09-13T16:12:15.921Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6087", "state": "PUBLISHED", "dateUpdated": "2024-09-13T16:40:45.803Z", "dateReserved": "2024-06-17T17:49:59.828Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-09-13T16:12:15.921Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C97FEE4-5604-4DA0-B695-116366C729AB", "versionEndExcluding": "1.4.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso indebido en lunary-ai/lunary en la \u00faltima confirmaci\u00f3n (a761d83) en la rama principal. La vulnerabilidad permite a un atacante utilizar los tokens de autenticaci\u00f3n emitidos por la funci\u00f3n \"invitar usuario\" para obtener tokens JWT v\u00e1lidos. Estos tokens se pueden utilizar para comprometer a los usuarios objetivo al registrarse en sus propias organizaciones arbitrarias. El atacante puede invitar a un correo electr\u00f3nico objetivo, obtener un token de uso \u00fanico, retractarse de la invitaci\u00f3n y, m\u00e1s tarde, utilizar el token para restablecer la contrase\u00f1a del usuario objetivo, lo que lleva a la toma de control total de la cuenta."}], "id": "CVE-2024-6087", "lastModified": "2025-10-15T13:15:49.437", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-13T17:15:13.027", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/lunary-ai/lunary/commit/844e8855c7a713dc7371766dba4125de4007b1cf"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/bd9f2301-11c7-4cbd-8d77-3e9225bd67e8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}