CVE-2024-7474 - Lunary AI Lunary Unauthenticated External User Data Access

3 weeks ago 9
ARTICLE AD BOX
CVE ID : CVE-2024-7474
Published : Oct. 29, 2024, 1:15 p.m. | 24 minutes ago
Description : In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article