- Description: An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.
- Source: security@huntr.dev
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
CVSS 3.0
- Type: Secondary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity: CRITICAL
- nvd@nist.gov: NVD-CWE-Other
- security@huntr.dev: CWE-284
- Hype score: Not currently trending
🚨 Critical SAML Misconfiguration Vulnerability in lunary-#ai/lunary (#CVE-2024-7475) https://t.co/AYsiDJurDR
@UndercodeNews
4 Nov 2024
[CVE-2024-7475: CRITICAL] Improper access control in lunary-ai/lunary v1.3.2 allows unauthorized SAML config updates, risking authentication manipulation, fake logins & user data theft. Enforce strict access contr...#cybersecurity,#vulnerability https://t.co/YK8zBMywai https:
@CveFindCom
29 Oct 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FD5C422-483D-4A50-A6B8-25C1352C3F46",
            "versionEndExcluding": "1.3.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]