4 matches found
CVE-2024-6582
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider IDP settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and...
CVE-2024-6582
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider IDP settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and...
CVE-2024-6582
CVE-2024-6582 describes a broken access control in lunary-ai/lunary where the saml.ts component allows a user from one organization to modify IDP settings and view SSO metadata of another organization, potentially enabling unauthorized access and account takeover if a target email is known. This ...
CVE-2024-6582 Broken Access Control in lunary-ai/lunary
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider IDP settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and...