CVE-2024-11301

In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd	Patch
https://huntr.com/bounties/3d99aca5-b135-4833-b48b-7806bc4bf861	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-07-02 19:48

NVD link : CVE-2024-11301

Mitre link : CVE-2024-11301

CVE.ORG link : CVE-2024-11301

JSON object : View

Products Affected

lunary

lunary

CWE

CWE-837

Improper Enforcement of a Single, Unique Action

{"id": "CVE-2024-11301", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:24.890", "references": [{"url": "https://github.com/lunary-ai/lunary/commit/79dc370596d979b756f6ea0250d97a2d02385ecd", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/3d99aca5-b135-4833-b48b-7806bc4bf861", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-837"}]}], "descriptions": [{"lang": "en", "value": "In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality."}, {"lang": "es", "value": "En lunary-ai/lunary, versiones anteriores a la 1.6.3, la aplicaci\u00f3n permite la creaci\u00f3n de evaluadores sin imponer una restricci\u00f3n \u00fanica en la combinaci\u00f3n de projectId y slug. Esto permite a un atacante sobrescribir datos existentes al enviar una solicitud POST con el mismo slug que un evaluador existente. La falta de restricciones en la base de datos o validaci\u00f3n en la capa de aplicaci\u00f3n para evitar duplicados expone la aplicaci\u00f3n a problemas de integridad de datos. Esta vulnerabilidad puede provocar la corrupci\u00f3n de datos y posibles acciones maliciosas, lo que afecta la funcionalidad del sistema."}], "lastModified": "2025-07-02T19:48:49.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8E98F12-737E-4F73-B80A-71F7DA277455", "versionEndExcluding": "1.6.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}