Lucene search

@huntr_aiCVELIST:CVE-2024-5478

HistoryJun 06, 2024 - 6:20 p.m.

CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary

2024-06-0618:20:05

CWE-79

@huntr_ai

www.cve.org

cross-site scripting

saml metadata endpoint

lunary-ai/lunary

vulnerability

xml responses

javascript code

theft of user cookies.

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application’s failure to escape or validate the orgId parameter supplied by the user before incorporating it into the generated response. Specifically, the endpoint generates XML responses for SAML metadata, where the orgId parameter is directly embedded into the XML structure without proper sanitization or validation. This flaw allows an attacker to inject arbitrary JavaScript code into the generated SAML metadata page, leading to potential theft of user cookies or authentication tokens.

CNA Affected

[
  {
    "vendor": "lunary-ai",
    "product": "lunary-ai/lunary",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

References

huntr.com/bounties/e899f496-d493-4c06-b596-cb0a88ad451b

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-5478