Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2024-3504

An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7.

Published: Jun 6, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-3504
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
lunary / lunary	-	1.2.7

https://github.com/lunary-ai/lunary/commit/f7507f0949f6634f725ebb8da37c44f76542901f
https://huntr.com/bounties/97958fe4-be21-4b63-966f-8337c72c8e28

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo