Home > Vulnerability Database > CVE-2024-7474

Mend.io Vulnerability Database

CVE-2024-7474

Date: October 29, 2024

In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access to external user data.

Language: TYPE_SCRIPT

Severity Score

9.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-7474

Url: https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5

Url: https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871

Url: https://www.mend.io/vulnerability-database/CVE-2024-7474

Severity Score

9.1

Weakness Type (CWE)

Improper Access Control

CWE-284

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-7474

Date: October 29, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?