@huntr_aiVULNRICHMENT:CVE-2024-5478CVE-2024-5478 Cross-site Scripting (XSS) in SAML metadata endpoint in lunary-ai/lunary
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint /auth/saml/${org?.id}/metadata of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application’s failure to escape or validate the orgId parameter supplied by the user before incorporating it into the generated response. Specifically, the endpoint generates XML responses for SAML metadata, where the orgId parameter is directly embedded into the XML structure without proper sanitization or validation. This flaw allows an attacker to inject arbitrary JavaScript code into the generated SAML metadata page, leading to potential theft of user cookies or authentication tokens.
CNA Affected
[
{
"vendor": "lunary-ai",
"product": "lunary-ai/lunary",
"versions": [
{
"version": "unspecified",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "latest"
}
]
}
]
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%