Security Advisory

CVE-2024-3504

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-06 17:53:40

Last updated 2025-10-15 12:49:37

Assigner @huntr_ai

State PUBLISHED

Description

An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7.

← Browse all CVEs View on cve.org ↗