Vulnerabilities > Lunary > Lunary > 1.2.31
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-7474 | Unspecified vulnerability in Lunary In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
| 2024-10-29 | CVE-2024-7475 | Unspecified vulnerability in Lunary An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. | 9.1 |
| 2024-09-13 | CVE-2024-6087 | Unspecified vulnerability in Lunary An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. | 6.5 |
| 2024-09-13 | CVE-2024-6582 | Missing Authentication for Critical Function vulnerability in Lunary A broken access control vulnerability exists in the latest version of lunary-ai/lunary. | 4.3 |
| 2024-06-06 | CVE-2024-5248 | Unspecified vulnerability in Lunary In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. | 6.5 |
| 2024-06-06 | CVE-2024-5277 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Lunary In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. | 7.5 |