Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2024-6086

In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess() is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify organization attributes without proper authorization.

Published: Jun 27, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-6086
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-284
CWE-863

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
lunary / lunary	1.2.7	1.2.7.x

https://github.com/lunary-ai/lunary/commit/3451fcd7b9d95e9091d62c515752f39f2faa6e54
https://huntr.com/bounties/9e83f63f-c5c1-422f-8010-95c353f0c643

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo