What is the severity of CVE-2024-5328?

CVE-2024-5328 is classified with a high severity due to its potential to facilitate unauthorized access to sensitive information.

How do I fix CVE-2024-5328?

To mitigate CVE-2024-5328, you should implement strict validation of user-supplied URLs in the affected endpoint.

What applications are affected by CVE-2024-5328?

CVE-2024-5328 affects the lunary-ai/lunary application on all versions.

What type of vulnerability is CVE-2024-5328?

CVE-2024-5328 is a Server-Side Request Forgery (SSRF) vulnerability.

Can CVE-2024-5328 lead to further attacks?

Yes, CVE-2024-5328 can be exploited to perform further attacks by accessing internal services or systems.

Vulnerability/
CVE-2024-5328

critical

9.3

CWE

918

EPSS

0.077%

6/6/2024

21/11/2024

CVE-2024-5328: SSRF Vulnerability in lunary-ai/lunary

First published: Thu Jun 06 2024(Updated: )

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An attacker can exploit this vulnerability by sending a specially crafted request to the affected endpoint, allowing them to make unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information, service disruption, or further attacks against the network infrastructure. The issue affects the latest version of the application as of the report.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
lunary lunary

Never miss a vulnerability like this again

Reference Links

https://huntr.com/bounties/80b09757-d9a0-44d1-932f-2461fc8fec69

Frequently Asked Questions

What is the severity of CVE-2024-5328?
CVE-2024-5328 is classified with a high severity due to its potential to facilitate unauthorized access to sensitive information.
How do I fix CVE-2024-5328?
To mitigate CVE-2024-5328, you should implement strict validation of user-supplied URLs in the affected endpoint.
What applications are affected by CVE-2024-5328?
CVE-2024-5328 affects the lunary-ai/lunary application on all versions.
What type of vulnerability is CVE-2024-5328?
CVE-2024-5328 is a Server-Side Request Forgery (SSRF) vulnerability.
Can CVE-2024-5328 lead to further attacks?
Yes, CVE-2024-5328 can be exploited to perform further attacks by accessing internal services or systems.

agent/references
agent/weakness
agent/title
agent/description
agent/type
agent/first-publish-date
agent/author
agent/event
agent/severity
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/lunary
canonical/lunary lunary

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.