Improper Access Control on SAML Configuration
A vulnerability in version 1.3.2 allows unauthorized updates to the SAML configuration, potentially leading to authentication manipulation. This issue was patched in version 1.3.4.
Available publicly on Sep 27 2024 | Available with Premium on Aug 24 2024
Remediation Steps
- Update to version 1.3.4 or later.
- Implement proper access controls on the SAML configuration endpoint to ensure only authorized users can update the configuration.
- Review and audit access control mechanisms for other critical endpoints to prevent similar vulnerabilities.
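The second remediation step, sketched as an added example that is not taken from the Lunary code base or the patch commit. The role names, the request (`ctx`) shape and the in-memory store are assumptions made for illustration; the weak handler sits beside a hardened one so the missing checks are visible.

```javascript
// Added illustration, not Lunary's code. Role names, the ctx shape and the
// in-memory store are assumptions made for this example.
const ADMIN_ROLES = new Set(["owner", "admin"]);

function newStore() {
  return { saml: new Map(), audit: [] };
}

// Weak form: any authenticated session may overwrite any org's SAML settings.
function updateSamlUnchecked(ctx, store) {
  if (!ctx.user) return { status: 401 };
  store.saml.set(ctx.params.orgId, ctx.body);
  return { status: 200 };
}

// Hardened form: authenticate, bind the request to the caller's own org,
// require an administrative role, and record every attempt for later audit.
function updateSamlChecked(ctx, store) {
  const { user, params, body } = ctx;
  if (!user) return { status: 401 };
  const allowed = user.orgId === params.orgId && ADMIN_ROLES.has(user.role);
  store.audit.push({ actor: user.id, action: "saml.update", orgId: params.orgId, allowed });
  if (!allowed) return { status: 403 };
  store.saml.set(params.orgId, body);
  return { status: 200 };
}

// Runs four constructed callers against one handler and reports the outcome.
function runConstructedCases(handler) {
  const store = newStore();
  const body = { idpMetadataUrl: "https://idp.example.invalid/metadata" }; // constructed
  const users = {
    anonymous: null,
    memberSameOrg: { id: "u1", orgId: "org-a", role: "member" },
    adminOtherOrg: { id: "u2", orgId: "org-b", role: "admin" },
    adminSameOrg: { id: "u3", orgId: "org-a", role: "admin" },
  };
  const statuses = {};
  for (const [name, user] of Object.entries(users)) {
    const ctx = { user, params: { orgId: "org-a" }, body };
    statuses[name] = handler(ctx, store).status;
  }
  return { statuses, audit: store.audit };
}

console.log("unchecked:", runConstructedCases(updateSamlUnchecked).statuses);
console.log("checked:  ", runConstructedCases(updateSamlChecked).statuses);
```

The audit entries with `allowed: false` are the ones worth alerting on when reviewing other critical endpoints.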
Patch Details
- Fixed Version: 1.3.4
- Patch Commit: https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5