cvedb.io
CVE-2024-6582
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2024-09-13T17:15:13.220 · Last modified 2026-06-17T08:18:17.150

Summary

A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.

Affected products

lunary — lunary

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.