Security Advisory

CVE-2024-8765

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:37
Last updated 2025-03-20 18:19:01
Assigner @huntr_ai
State PUBLISHED

Description

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains /auth/ anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including /auth/ in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication.
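
The check described above, next to a hardened form, as an added example that is not code from lunary or from the advisory. The function names, the allowlist entries and the sample paths are all constructed for illustration; the hardened version canonicalizes the path and then requires an exact match against an allowlist, so anything unrecognized stays behind authentication.

```javascript
// Added illustration: NOT lunary's code. All route names are constructed.
const PUBLIC_ROUTES = new Set(["/auth/login", "/auth/signup"]); // hypothetical allowlist

// Flawed pattern from the description: "/auth/" anywhere marks the path public.
function isPublicFlawed(path) {
  return path.includes("/auth/");
}

// Canonicalize before deciding; return null (treated as not public) on bad input.
function normalizePath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath.split("?")[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0") || decoded.includes("\\")) return null;
  const segments = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (segments.length === 0) return null; // climbs above the root
      segments.pop();
    } else {
      segments.push(seg);
    }
  }
  return "/" + segments.join("/");
}

// Hardened: exact match of the whole normalized path against the allowlist.
function isPublicHardened(rawPath) {
  const path = normalizePath(rawPath);
  return path !== null && PUBLIC_ROUTES.has(path);
}

// Constructed sample paths; each row shows both decisions side by side.
function compare(paths) {
  return paths.map((p) => ({ path: p, flawed: isPublicFlawed(p), hardened: isPublicHardened(p) }));
}

console.table(compare([
  "/auth/login",
  "/v1/example-resource/auth/placeholder",
  "/auth/login/../../v1/example-resource",
]));
```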