Severity summary: 0 CRITICAL, 1 HIGH, 0 MEDIUM, 0 LOW, 1 POC, 0 KEV
Monthly
In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's account by obtaining the password reset token. [CVSS 8.8 HIGH]
Information Disclosure | AI / ML | Lunary | NVD | GitHub
CVSS 3.1: 8.8
EPSS: 0.1%
CVE-2024-5386 (EPSS 0%, CVSS 8.8, HIGH, POC)
This Week