CVE-2024-7474 Information
Nov 01, 2024
cve
Description
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the ‘id’ parameter in the request URL. The application does not perform adequate checks on the ‘id’ parameter, allowing unauthorized access to external user data.
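The class of flaw described above, as an added example that is not code from Lunary or from this advisory: a lookup keyed only on the URL id, beside one that is also bound to the caller's project. The in-memory store, the projectId field, the ctx session object and every function name are assumptions made for illustration.

```javascript
// Added illustration; hypothetical data model, not Lunary's code.
// Constructed sample data: external users owned by two different projects.
function makeStore() {
  return new Map([
    [1, { id: 1, projectId: "proj-a", email: "alice@example.test" }],
    [2, { id: 2, projectId: "proj-b", email: "bob@example.test" }],
  ]);
}

// Vulnerable pattern: the record is selected by the URL 'id' alone, so any
// authenticated caller can read or delete another project's external user.
function getExternalUserVulnerable(store, id) {
  return store.get(Number(id)) ?? null;
}
function deleteExternalUserVulnerable(store, id) {
  return store.delete(Number(id));
}

// Hardened pattern: the lookup is also bound to the project taken from the
// caller's authenticated session (ctx), never from the request itself.
function findOwned(store, ctx, id) {
  const key = Number(id);
  if (!Number.isInteger(key)) return null; // reject malformed ids
  const user = store.get(key);
  // "Missing" and "owned by another project" look identical to the caller,
  // so the endpoint does not confirm which ids exist.
  return user && user.projectId === ctx.projectId ? user : null;
}
function getExternalUser(store, ctx, id) {
  const user = findOwned(store, ctx, id);
  return user ? { status: 200, body: user } : { status: 404, body: null };
}
function deleteExternalUser(store, ctx, id) {
  const user = findOwned(store, ctx, id);
  if (!user) return { status: 404 };
  store.delete(user.id);
  return { status: 204 };
}
```

In a SQL-backed service the same binding belongs in the query itself (filtering on both the id and the session's owner) rather than in a check made after the row is fetched.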
Reference
https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871
https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5