Skip to main content
Threat Radar animated logo
DashboardThreatsMapFeedsAPILifetime Access
reconnecting
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2024-7475: CWE-862 Missing Authorization in lunary-ai lunary-ai/lunary

0
Critical
VulnerabilityCVE-2024-7475cvecve-2024-7475cwe-862
Published: Tue Oct 29 2024 (10/29/2024, 12:45:53 UTC)
Source: CVE Database V5
Vendor/Project: lunary-ai
Product: lunary-ai/lunary

Description

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.

Technical Details

Data Version
5.1
Assigner Short Name
@huntr_ai
Date Reserved
2024-08-04T14:06:01.221Z
Cvss Version
3.0
State
PUBLISHED

Threat ID: 68ef9b2b178f764e1f470d8f

Added to database: 10/15/2025, 1:01:31 PM

Last updated: 10/15/2025, 1:01:33 PM

Views: 1

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2024-8060: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in open-webui open-webui/open-webui

High
VulnerabilityWed Oct 15 2025

CVE-2024-8057: CWE-306 Missing Authentication for Critical Function in danswer-ai danswer-ai/danswer

Medium
VulnerabilityWed Oct 15 2025

CVE-2024-8055: CWE-89 Improper Neutralization of Special Elements used in an SQL Command in vanna-ai vanna-ai/vanna

High
VulnerabilityWed Oct 15 2025

CVE-2024-8028: CWE-770 Allocation of Resources Without Limits or Throttling in danswer-ai danswer-ai/danswer

High
VulnerabilityWed Oct 15 2025

CVE-2024-8020: CWE-248 Uncaught Exception in lightning-ai lightning-ai/pytorch-lightning

High
VulnerabilityWed Oct 15 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats