Vulnerability Change Records for CVE-2024-4153

Change History

CVE Translated by huntr.dev 6/07/2024 1:15:51 PM

Action Type Old Value New Value
Removed Translation
Title: huntr.dev
Description: A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to bypass user creation limits and potentially evade payment requirements. The issue arises from undefined behavior when handling input to the API, specifically through a POST request to the /v1/users endpoint. By crafting a request with a new user's email and assigning them an "administrator" role, attackers can invite additional users beyond the set limit. This vulnerability could be exploited to add an unlimited number of users without complying with the intended restrictions.

CVE Modified by huntr.dev 6/07/2024 1:15:51 PM

Action Type Old Value New Value
Changed Description
A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to bypass user creation limits and potentially evade payment requirements. The issue arises from an undefined behavior when handling input to the API, specifically through a POST request to the /v1/users endpoint. By crafting a request with a new user's email and assigning them an 'admin' role, attackers can invite additional users beyond the set limit. This vulnerability could be exploited to add an unlimited number of users without adhering to the intended restrictions.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed CVSS V3
huntr.dev AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Removed CWE
huntr.dev CWE-475

Removed Reference
huntr.dev https://huntr.com/bounties/336db0ae-fe33-44b9-ba9d-bf117e0d90c4

CVE Rejected by huntr.dev 6/07/2024 1:15:51 PM

Action Type Old Value New Value