VYPR
High severityNVD Advisory· Published Sep 13, 2024· Updated Nov 3, 2024

Broken Access Control in lunary-ai/lunary

CVE-2024-6582

Description

A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lunarynpm
< 1.4.91.4.9

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.