Vulnerabilities > Lunary > Lunary > 1.2.24
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-7474 | Unspecified vulnerability in Lunary. In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
2024-10-29 | CVE-2024-7475 | Unspecified vulnerability in Lunary. An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. | 9.1 |
2024-09-13 | CVE-2024-6087 | Unspecified vulnerability in Lunary. An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. | 6.5 |
2024-09-13 | CVE-2024-6582 | Missing Authentication for Critical Function vulnerability in Lunary. A broken access control vulnerability exists in the latest version of lunary-ai/lunary. | 4.3 |
2024-06-06 | CVE-2024-5126 | Unspecified vulnerability in Lunary. An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. | 6.5 |
2024-06-06 | CVE-2024-5128 | Unspecified vulnerability in Lunary. An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. | 8.8 |
2024-06-06 | CVE-2024-5131 | Unspecified vulnerability in Lunary. An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. | 6.5 |
2024-06-06 | CVE-2024-5248 | Unspecified vulnerability in Lunary. In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. | 6.5 |
2024-06-06 | CVE-2024-5127 | Unspecified vulnerability in Lunary. In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. | 5.4 |
2024-06-06 | CVE-2024-5277 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary. In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. | 7.5 |