{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T09:53:30.415","vulnerabilities":[{"cve":{"id":"CVE-2024-6582","sourceIdentifier":"security@huntr.dev","published":"2024-09-13T17:15:13.220","lastModified":"2026-06-17T08:18:17.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A broken access control vulnerability exists in lunary-ai/lunary versions prior to 1.4.9. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known."},{"lang":"es","value":"Existe una vulnerabilidad de control de acceso en las versiones de lunary-ai/lunary anteriores a la 1.4.9. El archivo `saml.ts` permite que un usuario de una organización actualice la configuración del proveedor de identidad (IDP) y vea los metadatos de SSO de otra organización. 
Esta vulnerabilidad puede provocar acceso no autorizado y una posible apropiación de cuentas si se conoce el correo electrónico de un usuario de la organización de destino."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"lunary-ai","product":"lunary-ai/lunary","versions":[{"version":"unspecified","lessThan":"1.4.9","versionType":"custom","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"lunary-ai","product":"lunary-ai\\/lunary","defaultStatus":"unknown","cpes":["cpe:2.3:a:lunary-ai:lunary-ai\\/lunary:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"1.4.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-13T16:41:24.405716Z","id":"CVE-2024-6582","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA 
Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.9","matchCriteriaId":"6C97FEE4-5604-4DA0-B695-116366C729AB"}]}]}],"references":[{"url":"https://github.com/lunary-ai/lunary/commit/1f043d8798ad87346dfe378eea723bff78ad7433","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}