CVE-2024-1643

CVSS V2 None CVSS V3 None

Description

By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization.

Overview

CVE ID
CVE-2024-1643

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-04-10T17:07:57.614Z

Last Modified Date
2024-04-16T11:10:28.384Z

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/ce2563a2-3d81-4e2e-954e-abecb9332416
https://github.com/lunary-ai/lunary/commit/67eaefe1c77c882c628780940c704a117b561d51

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-1643
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1643

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 05:46:47				Added to TrackCVE