CVE-2024-1666 – In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized …

16 April 2024

Vuln ID: CVE-2024-1666

Published: 2024-04-16 00:15:10.330

Description: In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment.

Base Score: –

Vector:

Source: NVD.NIST.GOV

Date:

16 April 2024

Categorie(s):

NVD

Tag(s):

NVD

London Drugs closes all of its pharmacies following ‘cybersecurity incident’29 April 2024
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen29 April 2024
What to know about AI at this year’s RSA Conference29 April 2024
Atos: French State Offers Non-Binding Intent to Acquire Cybersecurity and Computing Assets29 April 2024
Stop Managing Identities, Segment them Instead29 April 2024