CVE-2024-7475

CVSS V2 None CVSS V3 None

Description

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.

Overview

CVE ID
CVE-2024-7475

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-10-29T12:45:53.136Z

Last Modified Date
2024-10-29T13:49:59.803Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/78c824f7-3b6d-443d-bb76-0f8031c6c126
https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-7475
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7475

History

Created	Old Value	New Value	Data Type	Notes
2024-10-30 13:19:13				Added to TrackCVE