CVE-2024-6582

Improper Authentication (CWE-287)

Published: Sep 13, 2024 / Updated: 2mo ago

CVSS 4.3 / EPSS 0.04% / Medium

Summary

A broken access control vulnerability exists in lunary-ai/lunary before version 1.4.9 (the NVD text says "the latest version"; the GitHub advisory pins it to commits prior to 1f043d8798ad87346dfe378eea723bff78ad7433). The `saml.ts` file allows an authenticated user from one organization to update the Identity Provider (IdP) settings and view the SSO metadata of another organization. Because an outsider can rewrite the organization's SAML trust configuration, this can lead to unauthorized access and potential account takeover if the email address of a user in the target organization is known.
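The bug class described above, shown as an added example (this is not Lunary's code, nor the huntr proof of concept): a minimal multi-tenant SAML settings handler in its vulnerable shape beside its fixed shape. Every name in it (Org, Session, the handler functions, the two sample tenants and the attacker-controlled IdP URL) is hypothetical; only the behaviour follows the advisory text, with the tenant taken from a client-supplied path parameter in the vulnerable version and from the server-side session in the fixed one.

```typescript
// Added example, not Lunary's code: a minimal model of the authorization bug class
// behind CVE-2024-6582 and of its fix. Every name here (Org, Session, the handlers,
// the sample tenants) is hypothetical; only the behaviour follows the advisory text.

type Role = "owner" | "admin" | "member";

interface Session { userId: string; orgId: string; role: Role; }
interface IdpSettings { entryPoint: string; idpCert: string; }
interface Org { id: string; saml?: IdpSettings; ssoMetadataXml: string; }
type Store = Map<string, Org>;
type UpdateHandler = (store: Store, s: Session, orgIdFromPath: string, st: IdpSettings) => Org;

// Authorization failures carry a fixed prefix so callers can tell them apart
// without relying on Error subclasses (which behave differently across TS targets).
const FORBIDDEN = "FORBIDDEN: ";
function forbid(reason: string): never { throw new Error(FORBIDDEN + reason); }
function isForbidden(e: unknown): boolean {
  return e instanceof Error && e.message.indexOf(FORBIDDEN) === 0;
}

// Constructed sample data: two unrelated tenants sharing one deployment.
function makeStore(): Store {
  return new Map<string, Org>([
    ["org-a", { id: "org-a", ssoMetadataXml: '<EntityDescriptor entityID="org-a"/>' }],
    ["org-b", { id: "org-b", ssoMetadataXml: '<EntityDescriptor entityID="org-b"/>' }],
  ]);
}

function mustGetOrg(store: Store, orgId: string): Org {
  const org = store.get(orgId);
  if (!org) throw new Error("no such org: " + orgId);
  return org;
}

// VULNERABLE shape: the tenant comes from a client-controlled path parameter and the
// only check is "is the caller logged in". A user of org-a can point org-b's SAML
// login at an IdP of their choosing, or read org-b's SSO metadata.
function updateIdpSettingsVulnerable(store: Store, session: Session,
                                     orgIdFromPath: string, settings: IdpSettings): Org {
  if (!session.userId) forbid("login required");
  const org = mustGetOrg(store, orgIdFromPath);
  org.saml = settings;
  return org;
}

function getSsoMetadataVulnerable(store: Store, session: Session, orgIdFromPath: string): string {
  if (!session.userId) forbid("login required");
  return mustGetOrg(store, orgIdFromPath).ssoMetadataXml;
}

// FIXED shape: authorize against the tenant bound to the server-side session. A path
// parameter that disagrees is rejected rather than silently ignored, and rewriting
// the IdP additionally requires an owner/admin role.
function authorizeTenant(session: Session, orgIdFromPath: string): string {
  if (!session.userId) forbid("login required");
  if (orgIdFromPath !== session.orgId) forbid("organization mismatch");
  return session.orgId;
}

function updateIdpSettingsFixed(store: Store, session: Session,
                                orgIdFromPath: string, settings: IdpSettings): Org {
  const orgId = authorizeTenant(session, orgIdFromPath);
  if (session.role === "member") forbid("owner or admin role required");
  const org = mustGetOrg(store, orgId);
  org.saml = settings;
  return org;
}

function getSsoMetadataFixed(store: Store, session: Session, orgIdFromPath: string): string {
  return mustGetOrg(store, authorizeTenant(session, orgIdFromPath)).ssoMetadataXml;
}

// Probe: does an org-a owner manage to overwrite org-b's IdP through `handler`?
// Returns true when the cross-tenant write lands, i.e. when the handler is broken.
function crossTenantWriteSucceeds(handler: UpdateHandler): boolean {
  const store = makeStore();
  const attacker: Session = { userId: "u-attacker", orgId: "org-a", role: "owner" };
  const rogueIdp: IdpSettings = {
    entryPoint: "https://idp.attacker.example/sso",   // constructed, attacker-controlled
    idpCert: "CONSTRUCTED-PLACEHOLDER-CERT",
  };
  try {
    handler(store, attacker, "org-b", rogueIdp);
  } catch (e) {
    if (isForbidden(e)) return false;
    throw e;
  }
  return mustGetOrg(store, "org-b").saml?.entryPoint === rogueIdp.entryPoint;
}
```

The design point is that the fixed handler never trusts the organization identifier the client sends: it derives the tenant from the session and treats a mismatching path parameter as an error instead of quietly using the session value, so a probing client gets a 403-class response rather than a confusing success.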

Impact

The two sources on this page score the confidentiality impact differently: NVD assigns a CVSS v3.1 base score of 4.3 (Medium) with Confidentiality: Low, while the GitHub advisory assigns 6.5 (Moderate) with Confidentiality: High. In both vectors the attack is network-based, needs only low privileges (any authenticated account in any organization on the same instance), low attack complexity and no user interaction, so it is easy to exploit. An attacker can read another organization's SSO metadata and, per the advisory, rewrite its IdP settings; control over the IdP a tenant trusts is the plausible path to the account takeover the advisory describes, given a target user's email address. Note that both vectors record Integrity: None even though the vulnerable endpoint allows modifying another organization's IdP configuration, so treat the published scores as a floor rather than a measure of the real blast radius.

Exploitation

One proof-of-concept exploit is available on huntr.com (linked under Exploits below). There is no evidence of exploitation in the wild at the time of writing.

Patch

A patch is available. According to the GitHub Advisory (GHSA-w73r-8mm4-cfvf), the fix landed on 2024-09-13 in commit 1f043d8798ad87346dfe378eea723bff78ad7433. All versions of lunary-ai/lunary up to and including 1.4.8 are affected; version 1.4.9 and later contain the fix.

Mitigation

1. Update to version 1.4.9 or later of lunary-ai/lunary as soon as possible.
2. Implement strict, server-side access controls on tenant-scoped settings (derive the organization from the authenticated session, never from a client-supplied identifier) and regularly audit user permissions.
3. Monitor IdP settings changes and SSO metadata reads, in particular any request where the acting user's organization differs from the organization being modified or read.
4. Require additional authentication factors (re-authentication or MFA) for sensitive operations such as changing IdP settings.
5. Regularly review SAML configurations and confirm that the IdP entry point and signing certificate are the ones your own organization issued.
6. Treat knowledge of a user's email address as a given rather than a secret: the attack precondition ("if the email of a user in the target organization is known") is trivially met, so items 1 and 2 are the effective controls. Educating users about credential hygiene is worthwhile in general but does not mitigate this issue.
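Mitigation item 3 in working form, as an added example that is not part of this page or of Lunary: a detection pass over SAML administration audit events. The event schema, the field names, the action strings and every log line are constructed for this example; map them onto whatever your deployment actually emits. The cross-tenant rule is the direct signature of this vulnerability being used; the other two (IdP rewritten by a non-admin, one actor sweeping several tenants' SAML settings) generalize it to the neighbouring abuse patterns.

```typescript
// Added example, not part of this page or of Lunary: a detection pass over SAML
// administration audit events, matching mitigation item 3 above. The event schema,
// field names and every log line below are constructed for this example.

type Role = "owner" | "admin" | "member";

interface AuditEvent {
  ts: string;            // ISO-8601 timestamp
  actorUserId: string;
  actorOrgId: string;    // tenant the actor's session belongs to
  actorRole: Role;
  action: string;        // e.g. "idp.settings.update", "sso.metadata.read"
  targetOrgId: string;   // tenant the request actually operated on
}

interface Finding { rule: string; actorUserId: string; detail: string; }

// Actions that touch a tenant's SAML trust configuration.
const SAML_ADMIN_ACTIONS: { [action: string]: true } = {
  "idp.settings.update": true,
  "sso.metadata.read": true,
};

// Parse newline-delimited JSON, skipping blank lines and rejecting malformed ones loudly.
function parseNdjson(text: string): AuditEvent[] {
  const events: AuditEvent[] = [];
  const lines = text.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i].trim();
    if (line === "") continue;
    const ev = JSON.parse(line) as AuditEvent;
    if (!ev.actorUserId || !ev.actorOrgId || !ev.targetOrgId || !ev.action) {
      throw new Error("malformed audit event on line " + (i + 1));
    }
    events.push(ev);
  }
  return events;
}

// Rule 1 is the direct signature of CVE-2024-6582 being used; rule 2 catches IdP
// rewrites by accounts that should never be able to make them; rule 3 flags one actor
// sweeping several tenants' SAML settings (enumeration).
function detectSamlAbuse(events: AuditEvent[], sweepThreshold: number = 3): Finding[] {
  const findings: Finding[] = [];
  const targetsByActor: { [actor: string]: { [org: string]: true } } = {};
  for (const ev of events) {
    if (!SAML_ADMIN_ACTIONS[ev.action]) continue;
    if (ev.actorOrgId !== ev.targetOrgId) {
      findings.push({ rule: "cross-tenant-saml-access", actorUserId: ev.actorUserId,
        detail: ev.ts + " " + ev.action + " on " + ev.targetOrgId + " by a user of " + ev.actorOrgId });
    }
    if (ev.action === "idp.settings.update" && ev.actorRole === "member") {
      findings.push({ rule: "idp-update-by-non-admin", actorUserId: ev.actorUserId,
        detail: ev.ts + " IdP settings of " + ev.targetOrgId + " changed by a member-role account" });
    }
    const seen = targetsByActor[ev.actorUserId] || (targetsByActor[ev.actorUserId] = {});
    seen[ev.targetOrgId] = true;
  }
  for (const actor in targetsByActor) {
    const orgs = Object.keys(targetsByActor[actor]);
    if (orgs.length >= sweepThreshold) {
      findings.push({ rule: "saml-tenant-sweep", actorUserId: actor,
        detail: "touched SAML settings of " + orgs.length + " tenants: " + orgs.join(", ") });
    }
  }
  return findings;
}

// Constructed sample log: alice administers her own tenant; mallory (a plain member of
// org-a) reads and rewrites other tenants' SAML configuration.
const SAMPLE_AUDIT_LOG = `
{"ts":"2024-09-14T08:00:00Z","actorUserId":"u-alice","actorOrgId":"org-a","actorRole":"admin","action":"login","targetOrgId":"org-a"}
{"ts":"2024-09-14T08:01:00Z","actorUserId":"u-alice","actorOrgId":"org-a","actorRole":"admin","action":"idp.settings.update","targetOrgId":"org-a"}
{"ts":"2024-09-14T09:10:00Z","actorUserId":"u-mallory","actorOrgId":"org-a","actorRole":"member","action":"sso.metadata.read","targetOrgId":"org-b"}
{"ts":"2024-09-14T09:11:00Z","actorUserId":"u-mallory","actorOrgId":"org-a","actorRole":"member","action":"idp.settings.update","targetOrgId":"org-b"}
{"ts":"2024-09-14T09:12:00Z","actorUserId":"u-mallory","actorOrgId":"org-a","actorRole":"member","action":"sso.metadata.read","targetOrgId":"org-c"}
{"ts":"2024-09-14T09:13:00Z","actorUserId":"u-mallory","actorOrgId":"org-a","actorRole":"member","action":"sso.metadata.read","targetOrgId":"org-d"}
`;

function runSample(): Finding[] {
  return detectSamlAbuse(parseNdjson(SAMPLE_AUDIT_LOG));
}
```

Running `runSample()` over the constructed log yields four cross-tenant findings, one non-admin IdP rewrite and one tenant sweep, all attributed to u-mallory; alice's same-tenant update produces nothing. The cross-tenant rule only works if the audit event records both the actor's organization and the organization the request operated on, which is the field worth adding if your logs currently carry only one of them.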

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
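Because this page carries two different scores for the same finding (NVD's 4.3 with C:L and the GitHub advisory's 6.5 with C:H), here is an added example, not from the page or from either scoring body, that recomputes both from their vector strings with a CVSS v3.x base-score calculator. The metric weights and the Roundup function are the ones published in the CVSS v3.1 specification (v3.0 uses the same base weights); the only addition is a third vector, constructed here, that scores the integrity impact of rewriting another tenant's IdP as Low to show what neither source counted.

```typescript
// Added example, not from the page: a CVSS v3.x base-score calculator, used to reproduce
// both scores quoted on this page from their vector strings. Metric weights and the
// Roundup function are the values published in the CVSS v3.1 specification; nothing
// about Lunary is assumed.

type Weights = { [value: string]: number };

const AV: Weights = { N: 0.85, A: 0.62, L: 0.55, P: 0.2 };
const AC: Weights = { L: 0.77, H: 0.44 };
const UI: Weights = { N: 0.85, R: 0.62 };
const CIA: Weights = { H: 0.56, L: 0.22, N: 0 };
// Privileges Required depends on whether Scope is changed.
const PR_UNCHANGED: Weights = { N: 0.85, L: 0.62, H: 0.27 };
const PR_CHANGED: Weights = { N: 0.85, L: 0.68, H: 0.5 };

// CVSS v3.1 Appendix A "Roundup": round up to one decimal, using the integer trick the
// specification prescribes to avoid floating-point artefacts.
function roundUp(x: number): number {
  const i = Math.round(x * 100000);
  return i % 10000 === 0 ? i / 100000 : (Math.floor(i / 10000) + 1) / 10;
}

function lookup(table: Weights, value: string, metric: string): number {
  if (!(value in table)) throw new Error("bad value '" + value + "' for metric " + metric);
  return table[value];
}

// Parse "CVSS:3.1/AV:N/AC:L/..." into a metric map; all eight base metrics must be present.
function parseVector(vector: string): { [metric: string]: string } {
  const parts = vector.split("/");
  if (!/^CVSS:3\.[01]$/.test(parts[0])) throw new Error("not a CVSS v3.x vector: " + vector);
  const m: { [metric: string]: string } = {};
  for (const p of parts.slice(1)) {
    const kv = p.split(":");
    if (kv.length !== 2) throw new Error("malformed metric: " + p);
    m[kv[0]] = kv[1];
  }
  for (const k of ["AV", "AC", "PR", "UI", "S", "C", "I", "A"]) {
    if (!(k in m)) throw new Error("missing base metric " + k);
  }
  return m;
}

function cvssBaseScore(vector: string): number {
  const m = parseVector(vector);
  if (m.S !== "U" && m.S !== "C") throw new Error("bad value '" + m.S + "' for metric S");
  const changed = m.S === "C";
  const iss = 1 - (1 - lookup(CIA, m.C, "C")) * (1 - lookup(CIA, m.I, "I")) * (1 - lookup(CIA, m.A, "A"));
  const impact = changed
    ? 7.52 * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15)
    : 6.42 * iss;
  const exploitability = 8.22 * lookup(AV, m.AV, "AV") * lookup(AC, m.AC, "AC")
    * lookup(changed ? PR_CHANGED : PR_UNCHANGED, m.PR, "PR") * lookup(UI, m.UI, "UI");
  if (impact <= 0) return 0;
  return changed
    ? roundUp(Math.min(1.08 * (impact + exploitability), 10))
    : roundUp(Math.min(impact + exploitability, 10));
}

// The two vectors on this page, plus the same finding with the integrity impact of
// rewriting another tenant's IdP scored Low (a constructed vector neither source used).
const NVD_VECTOR = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N";
const GHSA_VECTOR = "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N";
const WITH_INTEGRITY_LOW = "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N";
```

With the exploitability sub-score fixed at roughly 2.84 by AV:N/AC:L/PR:L/UI:N, the whole 4.3 versus 6.5 gap comes from the single C:L versus C:H choice; adding I:L to NVD's vector moves it to 5.4, which is the kind of adjustment to make when you re-score this for your own risk register.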

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6582

Sep 13, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-6582. See article

Sep 13, 2024 at 5:21 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 13, 2024 at 5:21 PM
Vendor Advisory

GitHub Advisories released a security advisory.

Sep 13, 2024 at 6:31 PM
CVSS

A CVSS base score of 6.5 has been assigned.

Sep 13, 2024 at 7:31 PM / github_advisories
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Sep 14, 2024 at 9:33 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (5000971)

Sep 16, 2024 at 7:53 AM
CVSS

A CVSS base score of 4.3 has been assigned.

Sep 19, 2024 at 7:50 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Sep 19, 2024 at 9:11 PM

Affected Systems

Lunary/lunary

Exploits

https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59

Patches

Github Advisory

Links to MITRE ATT&CK

T1548: Abuse Elevation Control Mechanism

Attack Patterns

CAPEC-114: Authentication Abuse

Vendor Advisory

[GHSA-w73r-8mm4-cfvf] Lunary Improper Authentication vulnerability
GitHub Security Advisory: GHSA-w73r-8mm4-cfvf
Release Date: 2024-09-13 / Update Date: 2024-09-13
Severity: Moderate
CVE-2024-6582 Base Score: 6.5
Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package: lunary
Affected Versions:
Patched Versions: 1.4.9
Description: A broken access control vulnerability exists prior to commit 1f043d8798ad87346dfe378eea723bff78ad7433 of lunary-ai/lunary.

News

CVE-2024-6582 Exploit
CVE Id : CVE-2024-6582 Published Date: 2024-09-19T19:45:00+00:00 A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. inTheWild added a link to an exploit: https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59
Unauthorized Access via Broken Access Control in Lunary
Lunary-ai - MEDIUM - CVE-2024-6582 A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.
CVE-2024-6582 | lunary-ai lunary up to 1.4.8 Setting saml.ts access control
A vulnerability was found in lunary-ai lunary up to 1.4.8 . It has been rated as critical . Affected by this issue is some unknown functionality of the file saml.ts of the component Setting Handler . The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-6582 . The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-6582 - Lunary Ai Saml Access Control Bypass Vulnerability
CVE ID : CVE-2024-6582 Published : Sept. 13, 2024, 5:15 p.m. 22 minutes ago Description : A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. Severity:

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:None
Availability Impact:None
