PT-2024-9679 · Lunary · Lunary

Published: 2024-10-29 · Updated: 2025-01-09 · CVE-2024-7474

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.3.2

Description: The issue is an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthorized access to external user data by manipulating the id parameter in the request URL. A remote attacker can use it to compromise the confidentiality and integrity of protected information. The application fails to perform adequate authorization checks on the id parameter, so users can view or delete external users they are not entitled to access.

Recommendations: For version 1.3.2, restrict access to the id parameter in the request URL to prevent unauthorized access to external user data. As a temporary workaround, restrict the ability to manipulate the id parameter until a patch is available. Additionally, ensure that the server performs adequate checks on the id parameter (verifying that the referenced object belongs to the requesting account) to prevent IDOR vulnerabilities.
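The following is an added illustration of the defect class and the fix the recommendations describe; it is not Lunary's code and makes no claim about Lunary's actual handlers. It assumes a Node.js backend where the authenticated request context carries a projectId (a hypothetical tenant identifier) and where external users are stored with the project that owns them. The records, ids and project names are constructed sample data. The vulnerable handler looks a record up by the id taken from the URL alone; the hardened handlers scope the lookup to the caller's project, validate the id, and answer with the same 404 for "does not exist" and "belongs to someone else" so that ids cannot be enumerated across tenants.

```javascript
// Constructed sample store: each external user belongs to exactly one project.
const externalUsers = new Map([
  [1, { id: 1, projectId: "proj-A", externalId: "alice@example.com" }],
  [2, { id: 2, projectId: "proj-A", externalId: "bob@example.com" }],
  [3, { id: 3, projectId: "proj-B", externalId: "carol@example.com" }],
]);

// Vulnerable pattern (IDOR): the id from the URL is trusted and the handler
// never checks that the record belongs to the caller's project.
function getExternalUserVulnerable(ctx, id) {
  const user = externalUsers.get(Number(id));
  if (!user) return { status: 404 };
  return { status: 200, body: user };
}

// Hardened pattern: validate the id, then look it up *within* the caller's
// project (ctx.projectId is assumed to come from the authenticated session,
// never from the request URL). A record owned by another project is reported
// exactly like a missing one.
function getExternalUserSecure(ctx, id) {
  const numericId = Number(id);
  if (!Number.isInteger(numericId) || numericId <= 0) return { status: 400 };
  const user = externalUsers.get(numericId);
  if (!user || user.projectId !== ctx.projectId) return { status: 404 };
  return { status: 200, body: user };
}

// Deletion reuses the same ownership-scoped lookup, so the authorization
// decision lives in one place and both read and delete paths share it.
function deleteExternalUserSecure(ctx, id) {
  const lookup = getExternalUserSecure(ctx, id);
  if (lookup.status !== 200) return lookup;
  externalUsers.delete(lookup.body.id);
  return { status: 204 };
}

// Demonstration: a caller authenticated to proj-B asking for proj-A's record.
const foreignCaller = { projectId: "proj-B" };
console.log(getExternalUserVulnerable(foreignCaller, "1").status); // 200: leaks
console.log(getExternalUserSecure(foreignCaller, "1").status);     // 404: denied

module.exports = { getExternalUserVulnerable, getExternalUserSecure, deleteExternalUserSecure };
```

The design point is that the ownership filter is part of the query itself rather than a separate check bolted on after the fetch: a handler cannot forget to apply it, and the same scoped lookup serves both the read and the delete endpoint named in the description.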

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2024-11391
CVE-2024-7474

Affected Products

Lunary