CVE-2024-5277

{"id": "CVE-2024-5277", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2024-06-06T18:15:20.087", "references": [{"url": "https://huntr.com/bounties/6aaba769-d99c-48cf-90d2-7abad984213d", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the backend's handling of the reset password process, where the token, once used, is not discarded or invalidated, enabling its reuse. This vulnerability could lead to unauthorized account access if an attacker obtains the recovery token."}, {"lang": "es", "value": "En lunary-ai/lunary versi\u00f3n 1.2.4, existe una vulnerabilidad en el mecanismo de recuperaci\u00f3n de contrase\u00f1a donde el token de restablecimiento de contrase\u00f1a no se invalida despu\u00e9s de su uso. Esto permite que un atacante que comprometa el token de recuperaci\u00f3n cambie repetidamente la contrase\u00f1a de la cuenta de la v\u00edctima. El problema radica en el manejo del backend del proceso de restablecimiento de contrase\u00f1a, donde el token, una vez utilizado, no se descarta ni se invalida, lo que permite su reutilizaci\u00f3n. Esta vulnerabilidad podr\u00eda provocar un acceso no autorizado a la cuenta si un atacante obtiene el token de recuperaci\u00f3n."}], "lastModified": "2024-06-07T14:56:05.647", "sourceIdentifier": "security@huntr.dev"}