Lucene search
K

4 matches found

OSV
OSV
added 2024/04/16 12:15 a.m.22 views

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

5.3CVSS6.7AI score0.00457EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.20 views

CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

7.5CVSS6.7AI score0.00457EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.20 views

CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

7.5CVSS7.7AI score0.00457EPSS
Exploits1References2
CVE
CVE
added 2024/04/16 12:0 a.m.65 views

CVE-2024-1666

CVE-2024-1666 affects lunary-ai/lunary 1.0.0, where an authorization flaw allows unauthorized radar creation. The root cause is missing server-side checks to verify a user’s paid/upgraded status during radar creation (enforced only in the web UI). Attackers can bypass account upgrade requirements...

7.5CVSS7.5AI score0.00457EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder