CVE-2024-7474

CVSS V2 None CVSS V3 None

Description

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.

Overview

CVE ID
CVE-2024-7474

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-10-29T12:46:34.965Z

Last Modified Date
2024-10-29T13:42:36.776Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871
https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-7474
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7474

History

Created	Old Value	New Value	Data Type	Notes
2024-10-30 13:19:56				Added to TrackCVE