CVE-2024-1739 Vulnerability Details


CVE-2024-1739 Metadata Quick Info

CVE Published: 16/04/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: @huntr_ai | Vendor: lunary-ai | Product: lunary-ai/lunary
Status: PUBLISHED

CVE-2024-1739 Description

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.
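
As an added illustration (not code from lunary-ai/lunary), the JavaScript below shows a signup check that compares addresses by a normalised key, plus an audit that finds stored accounts differing only by case. The names `emailKey`, `AccountStore` and `findCaseCollisions` and the sample rows are assumptions constructed for this example; the trimming and Unicode NFKC folding go beyond the case folding the description mentions.

```javascript
// Added example: all names here are hypothetical, not the project's API.

// Canonical key used only for uniqueness checks and lookups.
// toLowerCase() is locale-independent, so the key is stable across hosts.
function emailKey(email) {
  return email.normalize("NFKC").trim().toLowerCase();
}

class AccountStore {
  constructor() {
    this.byKey = new Map(); // canonical key -> account
  }

  // Rejects any address that matches an existing one after normalisation,
  // while keeping the address as typed for display and mail delivery.
  signup(email) {
    const key = emailKey(email);
    if (!/^[^\s@]+@[^\s@]+$/.test(key)) throw new Error("invalid email");
    if (this.byKey.has(key)) throw new Error("email already registered");
    const account = { id: this.byKey.size + 1, email, emailKey: key };
    this.byKey.set(key, account);
    return account;
  }
}

// Audit for rows created before the check existed: group stored addresses
// by canonical key and report every group holding more than one account.
function findCaseCollisions(rows) {
  const groups = new Map();
  for (const row of rows) {
    const key = emailKey(row.email);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(row.id);
  }
  return [...groups]
    .filter(([, ids]) => ids.length > 1)
    .map(([key, ids]) => ({ key, ids }));
}

// Constructed sample rows, as a case-sensitive uniqueness check would allow.
const sampleRows = [
  { id: 1, email: "abc@gmail.com" },
  { id: 2, email: "Abc@gmail.com" },
  { id: 3, email: "other@example.com" },
];
```

The in-memory map stands in for a database; in a real deployment the same guarantee belongs in a unique constraint on the normalised column so that concurrent signups cannot bypass the application check.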

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-821
CWE Name: CWE-821 Incorrect Synchronization
Source: lunary-ai

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).