CVE-2024-7475

CRITICAL

lunary < 1.3.4 - Unauthenticated SAML Configuration Update


Description

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.

Scores

CVSS v3 9.1
EPSS 0.0063
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
lunary/lunary < 1.3.4
Published Oct 29, 2024
Tracked Since Feb 18, 2026