Cyber Resilience

CVE-2024-1902

Severity: High · Public PoC

Published: 10 April 2024
Modified: 10 January 2025
KEV Added: not listed
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0010 (27.5th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-1902 is a high-severity Incorrect Synchronization (CWE-821) vulnerability in Lunary, by the vendor Lunary. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Cloud Accounts (T1078.004). The CVE ranks at the 27.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised under Other Platforms, in the Other ATLAS/OWASP Terms risk domain.

Vulnerability details

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route.
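The authorization gap described above, reduced to its essentials as an added illustration (this is not Lunary's code; the in-memory store, token shape and handler names are assumptions): the vulnerable handler trusts the organization claim captured in the session token, while the hardened one re-checks current membership on every mutating request, so a token issued before removal stops working.

```javascript
// Constructed in-memory state (assumed, not Lunary's schema): one org, its members.
const db = {
  orgs: { "org-1": { name: "Acme" } },
  memberships: new Set(["user-1:org-1", "user-2:org-1"]),
};

// Session token as issued at login: it records the org the user belonged to
// then, so nothing in it reflects a later removal.
function issueToken(userId, orgId) {
  return { userId, orgId, issuedAt: Date.now() };
}

function removeUser(userId, orgId) {
  db.memberships.delete(`${userId}:${orgId}`);
}

// Vulnerable pattern: trusts the orgId claim in the token and never asks
// whether the user is still a member (the gap described for orgs.patch).
function patchOrgVulnerable(token, body) {
  const org = db.orgs[token.orgId];
  if (!org) return { status: 404 };
  org.name = body.name;
  return { status: 200, name: org.name };
}

// Hardened pattern: re-check current membership against the datastore on
// every mutating request, so removal also invalidates outstanding tokens.
function patchOrgHardened(token, body) {
  if (!db.memberships.has(`${token.userId}:${token.orgId}`)) {
    return { status: 403, error: "not a member of this organization" };
  }
  const org = db.orgs[token.orgId];
  if (!org) return { status: 404 };
  org.name = body.name;
  return { status: 200, name: org.name };
}

// Scenario: user-2 gets a token, is removed, then replays the stale token.
function staleTokenScenario() {
  db.orgs["org-1"].name = "Acme";
  db.memberships.add("user-2:org-1");
  const stale = issueToken("user-2", "org-1");
  removeUser("user-2", "org-1");
  const vulnerable = patchOrgVulnerable(stale, { name: "renamed" }).status;
  db.orgs["org-1"].name = "Acme"; // reset before trying the hardened route
  const hardened = patchOrgHardened(stale, { name: "renamed" }).status;
  return { vulnerable, hardened, nameAfter: db.orgs["org-1"].name };
}
```

In a real deployment the membership check belongs in shared middleware ahead of every organization-scoped route, not only orgs.patch, and removal should also revoke or shorten the lifetime of the user's outstanding sessions.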

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Lunary-ai/lunary is an open-source LLM observability and management platform, fitting the 'Other Platforms' category for AI/ML tools, as confirmed by the AI/ML bug bounty context on Huntr.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1078.004 Cloud Accounts (Stealth): Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1651 Cloud Administration Command: Adversaries may abuse cloud management services to execute commands within virtual machines.
Why these techniques?

The vulnerability allows reuse of stale authorization tokens by removed users to perform unauthorized PATCH requests that modify organization settings via the cloud API, mapping to Valid Accounts: Cloud Accounts (T1078.004) for persistence and Cloud Administration Command (T1651) for execution.

Affected Assets

Vendor: lunary
Product: lunary
Versions: ≤ 1.2.8

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.