Overview
- Description: An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.
- Source: security@huntr.dev
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
CVSS 3.0
- Type: Secondary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
Weaknesses
- nvd@nist.gov: NVD-CWE-Other
- security@huntr.dev: CWE-284
Social media
- Hype score: Not currently trending
🚨 Critical SAML Misconfiguration Vulnerability in lunary-#ai/lunary (#CVE-2024-7475) https://t.co/AYsiDJurDR
@UndercodeNews
4 Nov 2024
[CVE-2024-7475: CRITICAL] Improper access control in lunary-ai/lunary v1.3.2 allows unauthorized SAML config updates, risking authentication manipulation, fake logins & user data theft. Enforce strict access contr...#cybersecurity,#vulnerability https://t.co/YK8zBMywai https:
@CveFindCom
29 Oct 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FD5C422-483D-4A50-A6B8-25C1352C3F46",
            "versionEndExcluding": "1.3.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]