An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.
History
Mon, 04 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Lunary; Lunary lunary | |
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:* | |
Vendors & Products | Lunary; Lunary lunary | |
Tue, 29 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Lunary-ai; Lunary-ai lunary-ai\/lunary | |
CPEs | cpe:2.3:a:lunary-ai:lunary-ai\/lunary:*:*:*:*:*:*:*:* | |
Vendors & Products | Lunary-ai; Lunary-ai lunary-ai\/lunary | |
Metrics | cvssV3_1 | |
Tue, 29 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users. | |
Title | Improper Access Control in lunary-ai/lunary | |
Weaknesses | CWE-284 | |
References | | |
Metrics | cvssV3_0 | |
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-10-29T12:45:53.136Z
Updated: 2024-10-29T13:49:59.803Z
Reserved: 2024-08-04T14:06:01.221Z
Link: CVE-2024-7475
Vulnrichment
Updated: 2024-10-29T13:49:52.962Z
NVD
Status: Analyzed
Published: 2024-10-29T13:15:09.737
Modified: 2024-11-04T13:55:37.233
Link: CVE-2024-7475
Redhat
No data.