Lucene search

[email protected]NVD:CVE-2024-5755

HistoryJun 27, 2024 - 7:15 p.m.

CVE-2024-5755

2024-06-2719:15:16

CWE-821

[email protected]

web.nvd.nist.gov

lunary

email validation

dot character

incorrect synchronization

security issues

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character (‘.’) in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., ‘[email protected]’ and ‘[email protected]’), leading to incorrect synchronization and potential security issues.

References

huntr.com/bounties/cf337d37-e602-482b-aa7a-9e34e7f13e1f

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-5755

vulnrichment1 cvelist1 cve1