lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-16T00:00:15.208Z
Updated: 2024-06-04T17:59:27.270Z
Reserved: 2024-02-22T11:35:59.182Z
Link: CVE-2024-1739
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-16T00:15:10.697
Modified: 2024-04-16T13:24:07.103
Link: CVE-2024-1739
JSON object: View
Redhat Information
No data.
CWE