Lunary AI Evaluator Overwrite Vulnerability

Vulnerability

Lunary AI, prior to version 1.6.3, creates evaluators without enforcing a unique constraint on the combination of projectId and slug. This oversight lets an attacker overwrite an existing evaluator by submitting a POST request that reuses its slug. Because neither a database constraint nor application-level validation prevents such duplicates, the result is a data integrity issue: stored evaluators can be corrupted, and malicious actions could disrupt the application's functionality.

Impact

Exploiting this vulnerability allows for the replacement of existing evaluator records with attacker-controlled data. This could corrupt the application's data and functionality, especially if critical evaluators, which are run by a language model, are overwritten. Such actions could impair the system's overall performance, particularly if the affected evaluators are used in key application processes, like enhancing data runs.

Reproduction

To reproduce this vulnerability, first ensure the application is running and accessible. Open the dashboard, inspect a request to copy the bearer token and project ID. Then, create an initial evaluator by sending a POST request to the evaluators endpoint with a unique slug, project ID, and other required data. After the evaluator is created, send another POST request to the same endpoint using the same slug as the existing evaluator, but with different data. This will overwrite the original evaluator, demonstrating the vulnerability.
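To make the root cause and the fix concrete, the following is an added example written for this page; it is not Lunary's code and does not talk to a Lunary instance. It models an evaluator table in SQLite and two create handlers: a "vulnerable" one that reproduces the behaviour the advisory describes (a second POST with the same slug replaces the stored record; the upsert-style write is an assumption about how the original behaved, since the advisory only states that duplicates overwrite) and a hardened one that relies on a UNIQUE (project_id, slug) constraint and turns the violation into a 409 response. The two request bodies, the project ids and the table columns are all constructed for the example. It also shows that the constraint is per project, so the same slug in a different project is still accepted.

```python
import sqlite3

# Constructed sample requests standing in for the two POST bodies in the advisory's
# reproduction steps: same project, same slug, different evaluator data.
FIRST_REQUEST = {"project_id": "proj-A", "slug": "toxicity", "name": "Toxicity check",
                 "prompt": "Flag toxic language in the response."}
SECOND_REQUEST = {"project_id": "proj-A", "slug": "toxicity", "name": "Replaced",
                  "prompt": "Replacement prompt supplied by the second request (constructed)."}


def make_db(enforce_unique: bool) -> sqlite3.Connection:
    """In-memory evaluator table; UNIQUE (project_id, slug) is the database half of the fix."""
    unique = ", UNIQUE (project_id, slug)" if enforce_unique else ""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE evaluator ("
        " id INTEGER PRIMARY KEY, project_id TEXT NOT NULL, slug TEXT NOT NULL,"
        f" name TEXT NOT NULL, prompt TEXT NOT NULL{unique})"
    )
    return conn


def create_evaluator_vulnerable(conn: sqlite3.Connection, body: dict) -> dict:
    """Models the pre-1.6.3 behaviour: a duplicate slug silently replaces the stored record.
    Assumption: the original wrote with upsert semantics keyed on slug; this is a stand-in
    for illustration, not Lunary's handler."""
    row = conn.execute("SELECT id FROM evaluator WHERE project_id = ? AND slug = ?",
                       (body["project_id"], body["slug"])).fetchone()
    if row:
        conn.execute("UPDATE evaluator SET name = ?, prompt = ? WHERE id = ?",
                     (body["name"], body["prompt"], row[0]))
        return {"status": 201, "id": row[0]}
    cur = conn.execute("INSERT INTO evaluator (project_id, slug, name, prompt) VALUES (?, ?, ?, ?)",
                       (body["project_id"], body["slug"], body["name"], body["prompt"]))
    return {"status": 201, "id": cur.lastrowid}


def create_evaluator_hardened(conn: sqlite3.Connection, body: dict) -> dict:
    """Insert only. The UNIQUE constraint rejects a duplicate (project_id, slug) even when two
    requests race, and the handler reports a 409 instead of replacing the existing row."""
    try:
        cur = conn.execute("INSERT INTO evaluator (project_id, slug, name, prompt) VALUES (?, ?, ?, ?)",
                           (body["project_id"], body["slug"], body["name"], body["prompt"]))
    except sqlite3.IntegrityError:
        return {"status": 409, "error": "an evaluator with this slug already exists in the project"}
    return {"status": 201, "id": cur.lastrowid}


def get_evaluator(conn: sqlite3.Connection, project_id: str, slug: str):
    """Return the stored evaluator for (project_id, slug), or None if absent."""
    row = conn.execute("SELECT name, prompt FROM evaluator WHERE project_id = ? AND slug = ?",
                       (project_id, slug)).fetchone()
    return None if row is None else {"name": row[0], "prompt": row[1]}


def run_scenario(handler, enforce_unique: bool) -> dict:
    """Replay the advisory's two-request sequence and report what the evaluator looks like afterwards."""
    conn = make_db(enforce_unique)
    first = handler(conn, FIRST_REQUEST)
    second = handler(conn, SECOND_REQUEST)
    return {"first": first["status"], "second": second["status"],
            "stored": get_evaluator(conn, "proj-A", "toxicity")}


if __name__ == "__main__":
    # Vulnerable: both requests return 201 and the stored name becomes "Replaced".
    print("vulnerable:", run_scenario(create_evaluator_vulnerable, enforce_unique=False))
    # Hardened: the second request returns 409 and the original evaluator is untouched.
    print("hardened:  ", run_scenario(create_evaluator_hardened, enforce_unique=True))
```

The database constraint is the part that matters most: an application-level "does this slug exist?" check alone still leaves a window between the check and the insert in which two concurrent requests can both pass, so the check should be treated as a source of friendlier error messages and the constraint as the actual guarantee.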

Remediation

Users can update to Lunary AI version 1.6.3 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.2
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.