PT-2024-9680 · Lunary · Lunary

Published: 2024-10-29 · Updated: 2024-11-04 · CVE-2024-7475

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Lunary version 1.3.2

Description: The functionality that updates the SAML configuration does not enforce access control, so a remote attacker without any privileges can change an organisation's SAML settings. Because the SAML configuration determines which identity provider the application trusts, an attacker who controls it can manipulate the authentication process, issue fraudulent login requests, and obtain user information, impacting the confidentiality and integrity of protected data.

Recommendations: Upgrade to a release of Lunary in which the SAML configuration update functionality verifies that the caller is authenticated and authorised (an administrator of the organisation whose configuration is being changed). If an upgrade is not yet possible, restrict access to the SAML configuration update functionality (for example at a reverse proxy or network level) so that only trusted administrators can reach it, and review the current SAML configuration of every organisation for unexpected identity-provider changes.
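The following is an added example, written for this page and not taken from Lunary's code base, that contrasts the handler shape the description and recommendations refer to: a SAML-configuration update that trusts the client-supplied organisation id and performs no checks, beside a hardened version that authenticates, binds the target organisation to the session, requires an admin-level role and allow-lists the body. The request, session and role model, the field names `idpMetadata` and `enabled`, and the in-memory store are assumptions for illustration.

```typescript
// Added example (hypothetical code, not Lunary's): the SAML-configuration update
// handler in the vulnerable shape the advisory describes and in a hardened shape.
// An in-memory object stands in for the database; request/session shapes are assumed.

type Role = "owner" | "admin" | "member";

interface SamlConfig {
  idpMetadata: string; // IdP metadata: decides whose SAML assertions are trusted
  enabled: boolean;
}

interface Session {
  userId: string;
  orgId: string; // organisation the session was issued for
  role: Role;
}

interface SamlReq {
  params: { orgId: string }; // orgId parsed from the URL path (client controlled)
  session?: Session;         // undefined for an unauthenticated caller
  body: unknown;             // raw JSON body, not yet validated
}

interface SamlRes {
  status: number;
  body: { ok?: true; error?: string };
}

type SamlStore = Record<string, SamlConfig>;

// Constructed fixture: organisation "acme" trusts its own identity provider.
function freshStore(): SamlStore {
  return {
    acme: { idpMetadata: "<EntityDescriptor entityID='https://idp.acme.example'/>", enabled: true },
  };
}

// VULNERABLE: no authentication, no authorization, no validation. The orgId comes
// straight from the URL, so any remote caller can rewrite any organisation's IdP.
function updateSamlVulnerable(store: SamlStore, req: SamlReq): SamlRes {
  const current = store[req.params.orgId] ?? { idpMetadata: "", enabled: false };
  store[req.params.orgId] = { ...current, ...(req.body as Partial<SamlConfig>) };
  return { status: 200, body: { ok: true } };
}

// Allow-list the body: only the two known fields, each with the expected type.
function parseSamlBody(body: unknown): Partial<SamlConfig> | null {
  if (typeof body !== "object" || body === null) return null;
  const raw = body as Record<string, unknown>;
  const out: Partial<SamlConfig> = {};
  for (const key in raw) {
    if (!Object.prototype.hasOwnProperty.call(raw, key)) continue;
    const v = raw[key];
    if (key === "idpMetadata" && typeof v === "string" && v.trim() !== "") out.idpMetadata = v;
    else if (key === "enabled" && typeof v === "boolean") out.enabled = v;
    else return null; // unknown field or wrong type: reject instead of merging
  }
  return out;
}

// HARDENED: authenticate, bind the target org to the session rather than to the
// client-supplied path parameter, require an admin-level role, validate the body.
function updateSamlHardened(store: SamlStore, req: SamlReq): SamlRes {
  const s = req.session;
  if (!s) return { status: 401, body: { error: "authentication required" } };
  if (s.orgId !== req.params.orgId) return { status: 403, body: { error: "forbidden" } };
  if (s.role !== "owner" && s.role !== "admin") return { status: 403, body: { error: "admin role required" } };
  const patch = parseSamlBody(req.body);
  if (patch === null) return { status: 400, body: { error: "invalid SAML configuration" } };
  const current = store[s.orgId] ?? { idpMetadata: "", enabled: false };
  store[s.orgId] = { ...current, ...patch }; // write only to the session's own org
  return { status: 200, body: { ok: true } };
}

// Constructed attack body: point the organisation at an attacker-controlled IdP,
// after which that IdP can mint assertions the application will accept.
const rogueBody = { idpMetadata: "<EntityDescriptor entityID='https://idp.attacker.example'/>" };

// Runs the unauthenticated attack against both handlers and reports what happened.
function demo(): { vulnerableStatus: number; vulnerableIdp: string; hardenedStatus: number; hardenedIdp: string } {
  const a = freshStore();
  const vulnerableStatus = updateSamlVulnerable(a, { params: { orgId: "acme" }, body: rogueBody }).status;
  const b = freshStore();
  const hardenedStatus = updateSamlHardened(b, { params: { orgId: "acme" }, body: rogueBody }).status;
  return { vulnerableStatus, vulnerableIdp: a.acme.idpMetadata, hardenedStatus, hardenedIdp: b.acme.idpMetadata };
}

console.log(demo());
```

The same unauthenticated request succeeds against the vulnerable handler and leaves the organisation trusting the attacker's identity provider, while the hardened handler rejects it with 401; a session for a different organisation, or a non-admin session in the right organisation, is rejected with 403, and a body containing unknown fields or wrong types with 400. The practical verification after upgrading or applying a workaround is the same as the demo: send the update without credentials and with a low-privilege account, confirm both are refused, and compare the stored identity-provider metadata with the expected value.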

Weakness Enumeration

Improper Access Control
Missing Authorization

Related Identifiers

BDU:2024-11392
CVE-2024-7475

Affected Products

Lunary