Flawed Privilege Check in Lunary AI Affects Sensitive Endpoint Security
CVE-2024-8765

7.3HIGH

Key Information:

Vendor: Lunary-ai
Status: Lunary-ai/lunary
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-8765?

A security flaw in Lunary AI's privilege check mechanism allows unauthenticated users to access sensitive endpoints inadvertently. This issue arises from the mishandling of authentication checks when the URL contains '/auth/', enabling attackers to interact with crucial data and system resources. Without proper safeguards, this vulnerability poses significant risks to data integrity and system security.

Affected Version(s)

lunary-ai/lunary < 1.4.23

References

https://huntr.com/bounties/4908cfcf-607a-412a-9635-966cbb...

https://github.com/lunary-ai/lunary/commit/7ff89b0304d191...

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Sep 12, 2024

Lunary-ai

What is CVE-2024-8765?

Affected Version(s)

References

CVSS V3.0

Timeline