In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/org` endpoint, which lists all users in a team. This allows any authenticated user to capture the recovery token of another user and subsequently change that user's password without consent, effectively taking over the account. The issue lies in the inclusion of the `recovery_token` attribute in the users object returned by the API.
History

Thu, 17 Oct 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Lunary
Lunary lunary
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*
Vendors & Products Lunary
Lunary lunary
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:21:53.548Z

Updated: 2024-08-01T21:03:10.849Z

Reserved: 2024-05-19T18:19:36.613Z

Link: CVE-2024-5133

cve-icon Vulnrichment

Updated: 2024-08-01T21:03:10.849Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T19:16:05.557

Modified: 2024-11-21T09:47:02.497

Link: CVE-2024-5133

cve-icon Redhat

No data.