CVE-2024-6582

A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433	Patch
https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-09-13 17:15

Updated : 2024-11-03 17:15

NVD link : CVE-2024-6582

Mitre link : CVE-2024-6582

CVE.ORG link : CVE-2024-6582

JSON object : View

Products Affected

lunary

lunary

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-6582", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-09-13T17:15:13.220", "references": [{"url": "https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso en la \u00faltima versi\u00f3n de lunary-ai/lunary. El archivo `saml.ts` permite que un usuario de una organizaci\u00f3n actualice la configuraci\u00f3n del proveedor de identidad (IDP) y vea los metadatos de SSO de otra organizaci\u00f3n. Esta vulnerabilidad puede provocar acceso no autorizado y una posible apropiaci\u00f3n de cuentas si se conoce el correo electr\u00f3nico de un usuario de la organizaci\u00f3n de destino."}], "lastModified": "2024-11-03T17:15:15.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C97FEE4-5604-4DA0-B695-116366C729AB", "versionEndExcluding": "1.4.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}