High severityNVD Advisory· Published Sep 13, 2024· Updated Nov 3, 2024
Broken Access Control in lunary-ai/lunary
CVE-2024-6582
Description
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lunarynpm | < 1.4.9 | 1.4.9 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.