Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-1666
Analyzed
More InfoOfficial Page
Source-security@huntr.dev
View Known Exploited Vulnerability (KEV) details
Published At-16 Apr, 2024 | 00:15
Updated At-10 Jan, 2025 | 14:34

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Lunary LLC
lunary
>>lunary>>Versions before 1.2.7(exclusive)
cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Secondarysecurity@huntr.dev
CWE ID: CWE-770
Type: Secondary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54security@huntr.dev
Exploit
Issue Tracking
Patch
Third Party Advisory
https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0security@huntr.dev
Patch
https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54af854a3a-2127-422b-91ae-364da2661108
Patch
https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54
Source: security@huntr.dev
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://huntr.com/bounties/0f310501-b5b0-4be0-ae38-d6b836f71ff0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Change History
0Changes found
Details not found