A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known.
Reserved 2024-07-08 | Published 2024-09-13 | Updated 2024-11-03 | Assigner @huntr_ai
CWE-306 Missing Authentication for Critical Function
huntr.com/bounties/251d138c-3911-4a81-96e5-5a4ab59a0b59
github.com/...ommit/1f043d8798ad87346dfe378eea723bff78ad7433