CVE-2024-7475
Severity: CRITICAL
lunary < 1.3.4 - Unauthenticated SAML Configuration Update
Title source: llmDescription
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an unauthenticated attacker to update the SAML configuration; no authorization check is performed before the write (CWE-862, Missing Authorization). Because the SAML settings define which identity provider the application trusts, an attacker who can rewrite them can manipulate the authentication flow, issue fraudulent login requests, and steal user information. The fix is to enforce an authorization check so that only authorized users can update the SAML configuration; the affected range is versions below 1.3.4.
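The following is an added illustration of the bug class described above, not code from the lunary project. It models a SAML settings update handler once without any authorization check (the CWE-862 pattern the advisory describes) and once with the check the advisory calls for. The route shape (an organization id in the path), the Bearer-token session store, the per-organization admin set and the field name `samlIdpSsoUrl` are all assumptions made for the example; the in-memory state and requests are constructed.

```javascript
// Added example of CWE-862 on a SAML settings endpoint, beside a hardened
// version. Not lunary's code: route shape, Bearer sessions, admin set and
// the samlIdpSsoUrl field are assumptions for illustration.

// Constructed in-memory state: one organization and two logged-in sessions.
function makeState() {
  return {
    orgs: new Map([
      ["org-1", { samlIdpSsoUrl: "https://idp.example/sso", admins: new Set(["u-admin"]) }],
    ]),
    sessions: new Map([
      ["tok-admin", { userId: "u-admin", orgId: "org-1" }],
      ["tok-member", { userId: "u-member", orgId: "org-1" }],
    ]),
  };
}

// Vulnerable: trusts the orgId in the URL and never looks at who is calling,
// so an unauthenticated request can point the org's SAML login at any IdP.
function vulnerableUpdateSaml(state, req) {
  const org = state.orgs.get(req.params.orgId);
  if (!org) return { status: 404 };
  org.samlIdpSsoUrl = req.body.samlIdpSsoUrl;
  return { status: 200 };
}

// Resolve the caller from an "Authorization: Bearer <token>" header (assumed scheme).
function authenticate(state, req) {
  const header = req.headers.authorization || "";
  const [scheme, token] = header.split(" ");
  if (scheme !== "Bearer" || !token) return null;
  return state.sessions.get(token) || null;
}

// Fixed: authenticate, then authorize the caller for this specific org,
// then validate the new value before writing it.
function fixedUpdateSaml(state, req) {
  const session = authenticate(state, req);
  if (!session) return { status: 401 }; // no identity at all
  const org = state.orgs.get(req.params.orgId);
  if (!org) return { status: 404 };
  if (session.orgId !== req.params.orgId || !org.admins.has(session.userId)) {
    return { status: 403 }; // authenticated, but not an admin of this org
  }
  let url;
  try {
    url = new URL(req.body.samlIdpSsoUrl);
  } catch {
    return { status: 400 };
  }
  if (url.protocol !== "https:") return { status: 400 }; // refuse plaintext IdP endpoints
  org.samlIdpSsoUrl = url.href;
  return { status: 200 };
}

// Constructed requests: an attacker with no credentials, a plain member, an org admin.
const attackerReq = {
  params: { orgId: "org-1" },
  headers: {},
  body: { samlIdpSsoUrl: "https://attacker.example/fake-idp" },
};
const memberReq = { ...attackerReq, headers: { authorization: "Bearer tok-member" } };
const adminReq = {
  params: { orgId: "org-1" },
  headers: { authorization: "Bearer tok-admin" },
  body: { samlIdpSsoUrl: "https://idp.example/sso-v2" },
};

const demo = makeState();
console.log("vulnerable, no auth:", vulnerableUpdateSaml(demo, attackerReq).status, demo.orgs.get("org-1").samlIdpSsoUrl);
const fixedDemo = makeState();
console.log("fixed, no auth:", fixedUpdateSaml(fixedDemo, attackerReq).status);
console.log("fixed, member:", fixedUpdateSaml(fixedDemo, memberReq).status);
console.log("fixed, admin:", fixedUpdateSaml(fixedDemo, adminReq).status, fixedDemo.orgs.get("org-1").samlIdpSsoUrl);
```

The ordering in the fixed handler matters: identity first (401), then a check that the identity is allowed to touch this particular organization (403), then input validation. Checking only "is logged in" would still let any member of any organization rewrite another organization's identity provider, which is the same class of problem as the unauthenticated case.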
References
https://huntr.com/bounties/78c824f7-3b6d-443d-bb76-0f8031c6c126 (Exploit, Issue Tracking, Third Party Advisory)
Scores
CVSS v3.1 base score: 9.1 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (Attack Vector: NETWORK; low attack complexity; no privileges required; no user interaction; scope unchanged; high confidentiality and integrity impact; no availability impact)
EPSS: 0.0063 (0.63%), percentile 45.4%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-862 (Missing Authorization)
Status: published
Products (1): lunary/lunary < 1.3.4
Published: Oct 29, 2024
Tracked Since: Feb 18, 2026