CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297
https://huntr.com/bounties/719a5db3-f943-4100-a660-011cadf1bb32

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-06 18:15

Updated : 2024-06-07 14:56

NVD link : CVE-2024-5127

Mitre link : CVE-2024-5127

CVE.ORG link : CVE-2024-5127

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2024-5127", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2024-06-06T18:15:19.000", "references": [{"url": "https://github.com/lunary-ai/lunary/commit/b7bd3a830a0f47ba07d0fd57bf78c4dd8a216297", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/719a5db3-f943-4100-a660-011cadf1bb32", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data."}, {"lang": "es", "value": "En las versiones lunary-ai/lunary 1.2.2 a 1.2.25, una vulnerabilidad de control de acceso inadecuado permite a los usuarios del plan gratuito invitar a otros miembros y asignarles cualquier rol, incluidos aquellos destinados \u00fanicamente a los planes Pagado y Empresarial. Este problema surge debido a una validaci\u00f3n de backend insuficiente de roles y permisos, lo que permite a usuarios no autorizados unirse a un proyecto y potencialmente explotar roles y permisos que no est\u00e1n destinados a su uso. La vulnerabilidad afecta espec\u00edficamente a la funci\u00f3n Equipo, donde el backend no valida si un usuario ha pagado un plan antes de permitirle enviar enlaces de invitaci\u00f3n con cualquier funci\u00f3n asignada. Esto podr\u00eda dar lugar a acceso no autorizado y manipulaci\u00f3n de la configuraci\u00f3n o los datos del proyecto."}], "lastModified": "2024-06-07T14:56:05.647", "sourceIdentifier": "security@huntr.dev"}