High

lunary

SSRF Vulnerability in Authentication API Endpoint

A Server-Side Request Forgery (SSRF) vulnerability was identified in the authentication API of the lunary-ai/lunary application, specifically in the '/download-idp-xml' route. The route fetches a URL taken from the client's request, so an attacker can make the application server issue HTTP requests to internal or external resources of the attacker's choosing, from the server's own network position. At the time of publication the latest version is affected and no patch has been specified.

Available publicly on May 25, 2024

CVSS 3.1 base score: 8.6 (High)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Threat Overview

The SSRF vulnerability in the lunary-ai/lunary application arises from improper validation of the user-supplied URL accepted by the '/download-idp-xml' endpoint. Because the application fetches that URL itself, the request originates from the server, which reaches hosts that are not exposed to the attacker directly: internal services on the application's network and, in typical cloud deployments, instance metadata endpoints. Depending on what the application relays back to the caller, the result is information disclosure, unauthorized interaction with internal systems, and a foothold for further attacks against the application or its infrastructure. The vector's Scope: Changed and Confidentiality: High reflect that the impact lands on systems beyond the vulnerable component itself.

Attack Scenario

An attacker first registers and logs into the application to obtain a valid authentication token. They then send a request to the vulnerable '/download-idp-xml' endpoint with a URL in the request body that points at an attacker-controlled server or at an internal service (judging by the route name, the endpoint expects the URL of an identity provider's SAML metadata XML). The application fetches the URL without validating its scheme or destination, so the attacker can probe and interact with internal services and capture whatever the application relays back in its response. Note that this scenario requires an account, whereas the published CVSS vector rates Privileges Required as None; the two statements on this page are not reconciled.
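The defect described in the Threat Overview and the Attack Scenario is the absence of any check on where the server is about to send a request. The block below is an added example written for this page, not lunary's code: a Node.js validator in plain JavaScript that allowlists the scheme, resolves the hostname, and refuses every address in loopback, link-local, private, multicast and cloud-metadata ranges, including the integer, hex and IPv6-mapped spellings of those addresses and the mixed public/loopback answer set used for DNS rebinding. The `FAKE_DNS` table, the hostnames in it, and the function names `validateIdpUrl` and `isBlockedAddress` are assumptions made for the example; the table stands in for real DNS so the code runs offline.

```javascript
// Added example: SSRF guard for a "fetch IdP metadata from this URL" endpoint.
// Not lunary's code. Node.js >= 14, no third-party packages.

// Constructed stand-in for DNS so the example runs offline (assumption).
// In production use dns.promises.lookup(host, { all: true }) and connect to
// the vetted address, never to the hostname again.
const FAKE_DNS = {
  "idp.example.com": ["203.0.113.10"],
  "localhost": ["127.0.0.1"],
  "metadata.internal": ["169.254.169.254"],            // name for cloud metadata
  "rebind.example.net": ["93.184.216.34", "127.0.0.1"], // DNS-rebinding answer set
};

// IPv4 ranges an outbound request from a server must never reach.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["224.0.0.0", 4], ["240.0.0.0", 4],
];

// Strict dotted-decimal parser; returns a 32-bit unsigned number or null.
function ipv4ToInt(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inCidr(ip, base, bits) {
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Expand an IPv6 literal into eight 16-bit groups; null if malformed.
function ipv6Groups(s) {
  if (s.includes(".")) { // embedded IPv4 in the last 32 bits, e.g. ::ffff:10.0.0.1
    const cut = s.lastIndexOf(":");
    const v4 = ipv4ToInt(s.slice(cut + 1));
    if (v4 === null) return null;
    s = s.slice(0, cut + 1) + (v4 >>> 16).toString(16) + ":" + (v4 & 0xffff).toString(16);
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  if (fill < 0 || head.length + tail.length + fill !== 8) return null;
  const groups = [...head, ...Array(fill).fill("0"), ...tail];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// True when an address is loopback, link-local, private, multicast, or unparseable.
function isBlockedAddress(addr) {
  const a = addr.toLowerCase().replace(/^\[|\]$/g, "");
  const v4 = ipv4ToInt(a);
  if (v4 !== null) return BLOCKED_V4.some(([base, bits]) => inCidr(v4, base, bits));
  const g = ipv6Groups(a);
  if (g === null) return true; // fail closed on anything we cannot parse
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) { // IPv4-mapped
    return isBlockedAddress(`${g[6] >> 8}.${g[6] & 0xff}.${g[7] >> 8}.${g[7] & 0xff}`);
  }
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  if ((g[0] & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  if ((g[0] & 0xfe00) === 0xfc00) return true; // fc00::/7 unique-local
  if ((g[0] & 0xff00) === 0xff00) return true; // ff00::/8 multicast
  return false;
}

// Validate a user-supplied metadata URL before any request is made.
// `resolve` is injectable so the check is testable without network access.
function validateIdpUrl(raw, resolve = (h) => FAKE_DNS[h] || []) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (url.protocol !== "https:") return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  const host = url.hostname.toLowerCase();
  // WHATWG URL parsing already folds 2130706433, 0x7f000001 and 127.1 to
  // 127.0.0.1, so an IP literal can be checked directly.
  const literal = host.startsWith("[") || ipv4ToInt(host) !== null;
  const addresses = literal ? [host] : resolve(host);
  if (addresses.length === 0) return { ok: false, reason: "host does not resolve" };
  // Every answer must be acceptable: one public plus one loopback answer is
  // exactly how DNS rebinding slips past a single-answer check.
  const bad = addresses.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `resolves to blocked address ${bad}` };
  return { ok: true, url: url.href, address: addresses[0].replace(/^\[|\]$/g, "") };
}

module.exports = { validateIdpUrl, isBlockedAddress, ipv4ToInt, ipv6Groups };
```

The returned `address` is meant to be pinned: the caller should open the connection to that address (with the hostname only in SNI and the Host header), make the request with redirects disabled, and run `validateIdpUrl` again on any Location header it decides to follow. Validating the hostname and then letting an HTTP client resolve it a second time, or follow a 302 to an internal address, reintroduces the same SSRF through the back door.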

Who is affected

The vulnerability affects every deployment of the lunary-ai/lunary application that exposes the vulnerable endpoint. Organizations running the application are at risk of having internal services reachable from the application host, and any data those services return, exposed to an attacker who can reach the endpoint.
