CVE-2024-8999
Improper Access Control in lunary-ai/lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. The issue is fixed in version 1.4.26.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
lunary-ai · lunary-ai/lunary¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →