Security Advisory

CVE-2024-10330

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:28

Last updated 2025-10-15 12:49:26

Assigner @huntr_ai

State PUBLISHED

Description

In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data.

← Browse all CVEs View on cve.org ↗