CVE-2024-6582

Date: September 13, 2024

A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The "saml.ts" file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.

Language: TYPE_SCRIPT

Severity Score

Weakness Type (CWE)

Improper Authentication

CWE-287

Missing Authentication for Critical Function

CWE-306

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
