Lucene search

GoogleOSV:CVE-2024-3761

HistoryMay 20, 2024 - 9:15 a.m.

CVE-2024-3761

2024-05-2009:15:09

Google

osv.dev

lunary

version 1.2.2

delete endpoint

unauthorized deletion

authentication

authorization

vulnerability

data loss

disruption of service

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a dataset by sending a DELETE request to the endpoint. The issue was fixed in version 1.2.8. The impact of this vulnerability is significant as it permits unauthorized users to delete datasets, potentially leading to data loss or disruption of service.

CPENameOperatorVersion
lunaryeq1.2.5
lunaryeq1.1.0
lunaryeq0.3.0
lunaryeq1.2.6
lunaryeq0.1.1
lunaryeq1.2.0
lunaryeq1.0.0
lunaryeq0.2.1
lunaryeq1.0.1
lunaryeq1.0.2

Name	Operator	Version
lunary	eq	1.2.5
lunary	eq	1.1.0
lunary	eq	0.3.0
lunary	eq	1.2.6
lunary	eq	0.1.1
lunary	eq	1.2.0
lunary	eq	1.0.0
lunary	eq	0.2.1
lunary	eq	1.0.1
lunary	eq	1.0.2

Rows per page:

1-10 of 221

References

github.com/lunary-ai/lunary/commit/14078c1d2b8766075bf655f187ece24c7a787776

huntr.com/bounties/e95fb0a0-e54a-4da8-a33d-ba858d0cec55

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for OSV:CVE-2024-3761