4 matches found
GHSA-W73R-8MM4-CFVF Withdrawn Advisory: Lunary Improper Authentication vulnerability
Withdrawn Advisory: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. Original Advisory: A broken access control vulnerability exists prior to commit 1f043d8798ad87346dfe378eea723bff78ad7433 of lunary-ai/lunary. The saml.ts file allows...
CVE-2024-6582
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The saml.ts file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and...
CVE-2024-6582
CVE-2024-6582 describes a broken access control in lunary-ai/lunary where the saml.ts component allows a user from one organization to modify IDP settings and view SSO metadata of another organization, potentially enabling unauthorized access and account takeover if a target email is known. This ...
Insufficient Session Expiration
@node-saml/node-saml is vulnerable to Insufficient Session Expiration. The vulnerability exists due to the lack of validation checks of the current timestamp in the processValidlySignedPostRequestAsync function of saml.ts, which allows an attacker to reuse LogoutRequest XML multiple times even wh...