3 matches found
CVE-2024-5277 Weak Password Recovery Mechanism in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...
CVE-2024-5277
CVE-2024-5277 affects lunary-ai/lunary 1.2.4. The reset password mechanism does not invalidate the token after use, allowing reuse of a compromised recovery token to repeatedly change a victim’s password. Impact described as unauthorized account access with high confidentiality/integrity impact; ...
CVE-2024-5277 Weak Password Recovery Mechanism in lunary-ai/lunary
In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the...