CVE-2024-6582

A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433	Patch
https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*

History

19 Sep 2024, 19:45

Type	Values Removed	Values Added
First Time		Lunary lunary Lunary
CWE		CWE-306
CPE		cpe:2.3:a:lunary:lunary::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 4.3
Summary		(es) Existe una vulnerabilidad de control de acceso en la última versión de lunary-ai/lunary. El archivo `saml.ts` permite que un usuario de una organización actualice la configuración del proveedor de identidad (IDP) y vea los metadatos de SSO de otra organización. Esta vulnerabilidad puede provocar acceso no autorizado y una posible apropiación de cuentas si se conoce el correo electrónico de un usuario de la organización de destino.
References	~~() https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433 -~~	() https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433 - Patch
References	~~() https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59 -~~	() https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59 - Exploit, Third Party Advisory

13 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-13 17:15

Updated : 2024-09-19 19:45

NVD link : CVE-2024-6582

Mitre link : CVE-2024-6582

CVE.ORG link : CVE-2024-6582

JSON object : View

Products Affected

lunary

lunary

CWE

CWE-306

Missing Authentication for Critical Function

CWE-287

Improper Authentication

{"id": "CVE-2024-6582", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-09-13T17:15:13.220", "references": [{"url": "https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso en la \u00faltima versi\u00f3n de lunary-ai/lunary. El archivo `saml.ts` permite que un usuario de una organizaci\u00f3n actualice la configuraci\u00f3n del proveedor de identidad (IDP) y vea los metadatos de SSO de otra organizaci\u00f3n. Esta vulnerabilidad puede provocar acceso no autorizado y una posible apropiaci\u00f3n de cuentas si se conoce el correo electr\u00f3nico de un usuario de la organizaci\u00f3n de destino."}], "lastModified": "2024-09-19T19:45:30.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C97FEE4-5604-4DA0-B695-116366C729AB", "versionEndExcluding": "1.4.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}