CVE-2024-1739

CVSS v3 Score: 7.5 (High)

Vulnerability Description

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case-insensitive, allowing multiple accounts to be created with the same email address by varying the case of its characters. For example, accounts for '[email protected]' and '[email protected]' can both be created, leading to potential impersonation and confusion among users.

CVSS:7.5(High)

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to c...

CVSS:7.0(High)

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for...

CVSS:8.1(High)

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowi...

CVSS:6.5(Medium)

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recove...

CVSS:9.1(Critical)

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
