CVE-2024-7475

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-284
View all →

Vulnerability Description

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate access controls should be implemented to ensure that the SAML configuration can only be updated by authorized users.

Related Vulnerabilities

CVE-2013-5654

CRITICAL
CVSS:9.1(Critical)

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage

CWE-2842013

CVE-2015-1000009

CRITICAL
CVSS:9.1(Critical)

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05

CWE-2842015

CVE-2015-8361

CRITICAL
CVSS:9.1(Critical)

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, o...

CWE-2842015

CVE-2016-4501

CRITICAL
CVSS:9.1(Critical)

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via u...

CWE-2842016

CVE-2016-4694

CRITICAL
CVSS:9.1(Critical)

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data ...

CWE-2842016

CVE-2016-5599

CRITICAL
CVSS:9.1(Critical)

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integ...

CWE-2842016