icon

We found results for “

CVE-2024-10274

Good to know:

icon

Date: March 20, 2025

An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized users to access sensitive information about all team members in the current organization. This vulnerability can lead to the disclosure of sensitive information such as names, roles, or emails to users without sufficient privileges, resulting in privacy violations and potential reconnaissance for targeted attacks.

Severity Score

Severity Score

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/lunary-ai/lunary.git - v1.5.7

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us